diff --git a/app/controllers/conversations_controller.rb b/app/controllers/conversations_controller.rb
index 4512e8a3c..b667e31e4 100644
--- a/app/controllers/conversations_controller.rb
+++ b/app/controllers/conversations_controller.rb
@@ -35,7 +35,7 @@ class ConversationsController < ApplicationController
     # This will have to be removed when mobile autocomplete is ported to Typeahead
     recipients_param, column = [%i(contact_ids id), %i(person_ids person_id)].find {|param, _| params[param].present? }
     if recipients_param
-      person_ids = current_user.contacts.where(column => params[recipients_param].split(",")).pluck(:person_id)
+      person_ids = current_user.contacts.mutual.where(column => params[recipients_param].split(",")).pluck(:person_id)
     end
 
     opts = params.require(:conversation).permit(:subject)
diff --git a/spec/controllers/conversations_controller_spec.rb b/spec/controllers/conversations_controller_spec.rb
index 1c824128b..f3a0249e7 100644
--- a/spec/controllers/conversations_controller_spec.rb
+++ b/spec/controllers/conversations_controller_spec.rb
@@ -272,6 +272,39 @@ describe ConversationsController, :type => :controller do
           expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
         end
       end
+
+      context "with non-mutual contact" do
+        before do
+          @person1 = FactoryGirl.create(:person)
+          @person2 = FactoryGirl.create(:person)
+          alice.contacts.create!(receiving: false, sharing: true, person: @person2)
+          @person3 = FactoryGirl.create(:person)
+          alice.contacts.create!(receiving: true, sharing: false, person: @person3)
+          @hash = {
+            format:       :js,
+            conversation: {subject: "secret stuff", text: "text debug"},
+            person_ids:   [@person1.id, @person2.id, @person3.id]
+          }
+        end
+
+        it "does not create a conversation" do
+          count = Conversation.count
+          post :create, @hash
+          expect(Conversation.count).to eq(count)
+        end
+
+        it "does not create a message" do
+          count = Message.count
+          post :create, @hash
+          expect(Message.count).to eq(count)
+        end
+
+        it "responds with an error message" do
+          post :create, @hash
+          expect(response).not_to be_success
+          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
+        end
+      end
     end
 
     context "mobile" do
@@ -418,6 +451,42 @@ describe ConversationsController, :type => :controller do
           post :create, @hash
           expect(Message.count).to eq(count)
         end
+
+        it "responds with an error message" do
+          post :create, @hash
+          expect(response).not_to be_success
+          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
+        end
+      end
+
+      context "with non-mutual contact" do
+        before do
+          @contact1 = alice.contacts.create(receiving: false, sharing: true, person: FactoryGirl.create(:person))
+          @contact2 = alice.contacts.create(receiving: true, sharing: false, person: FactoryGirl.create(:person))
+          @hash = {
+            format:       :js,
+            conversation: {subject: "secret stuff", text: "text debug"},
+            person_ids:   [@contact1.id, @contact2.id]
+          }
+        end
+
+        it "does not create a conversation" do
+          count = Conversation.count
+          post :create, @hash
+          expect(Conversation.count).to eq(count)
+        end
+
+        it "does not create a message" do
+          count = Message.count
+          post :create, @hash
+          expect(Message.count).to eq(count)
+        end
+
+        it "responds with an error message" do
+          post :create, @hash
+          expect(response).not_to be_success
+          expect(response.body).to eq(I18n.t("javascripts.conversation.create.no_recipient"))
+        end
       end
     end
   end