diff --git a/irc/client_lookup_set.go b/irc/client_lookup_set.go
index 8aef784e..61e257a6 100644
--- a/irc/client_lookup_set.go
+++ b/irc/client_lookup_set.go
@@ -117,6 +117,10 @@ func (clients *ClientManager) SetNick(client *Client, session *Session, newNick
 	realname := client.realname
 	client.stateMutex.RUnlock()
 
+	if newNick != accountName && strings.ContainsAny(newNick, disfavoredNameCharacters) {
+		return "", errNicknameInvalid, false
+	}
+
 	// recompute always-on status, because client.alwaysOn is not set for unregistered clients
 	var alwaysOn, useAccountName bool
 	if account != "" {
diff --git a/irc/strings.go b/irc/strings.go
index 48bca280..9bc6ceb7 100644
--- a/irc/strings.go
+++ b/irc/strings.go
@@ -31,6 +31,11 @@ const (
 	// @ separates username from hostname
 	// : means trailing
 	protocolBreakingNameCharacters = " ,*?.!@:"
+
+	// #1436: we discovered that these characters are problematic,
+	// so we're disallowing them in new nicks/account names, but allowing
+	// previously registered names
+	disfavoredNameCharacters = `<>'";`
 )
 
 var (