diff --git a/django_kepi/views.py b/django_kepi/views.py
index 5de9601..25bfa7d 100644
--- a/django_kepi/views.py
+++ b/django_kepi/views.py
@@ -292,6 +292,16 @@ class InboxView(django.views.View):
 ]:
 return HttpResponse(
 status = 415, # unsupported media type
+ reason = 'Try application/activity+json',
+ )
+
+ try:
+ decoded_body = json.loads(
+ str(request.body, encoding='UTF-8'))
+ except json.decoder.JSONDecodeError:
+ return HttpResponse(
+ status = 415, # unsupported media type
+ reason = 'Invalid JSON',
 )
 capture = django_kepi.validation.IncomingMessage(
@@ -300,7 +310,7 @@ class InboxView(django.views.View):
 path = request.path,
 signature = request.META['HTTP_SIGNATURE'],
 content_type = request.META['CONTENT_TYPE'],
- body = str(request.body, encoding='UTF-8'),
+ body = str(decoded_body)
 )
 capture.save()
 logger.debug('%s: received %s with headers %s at %s -- now validating',
diff --git a/tests/test_inbox.py b/tests/test_inbox.py
index f873975..90764d7 100644
--- a/tests/test_inbox.py
+++ b/tests/test_inbox.py
@@ -54,7 +54,6 @@ class TestInbox(TestCase):
 self._post_to_inbox(INBOX_PATH)
 def test_non_json(self):
- keys = json.load(open('tests/keys/keys-0001.json', 'r'))
 body, headers = test_message_body_and_headers(
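Review bot: In django_kepi/views.py (hunk at -292), the new `try` around `json.loads(str(request.body, encoding='UTF-8'))` catches only `json.decoder.JSONDecodeError`, so a request body that is not valid UTF-8 raises `UnicodeDecodeError` from `str(...)` and escapes as an unhandled exception instead of the intended rejection. Both exceptions derive from `ValueError`, so `except ValueError:` (or `except (UnicodeDecodeError, json.decoder.JSONDecodeError):`) covers the whole untrusted-input path. A malformed body is also more conventionally a 400 than a 415, since the preceding branch appears to have already accepted the media type. The enclosing method starts and ends outside the hunk.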
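Review bot: In django_kepi/views.py (hunk at -300), `body = str(decoded_body)` stores the Python repr of the parsed object (single-quoted keys, `True`/`None`), which is not JSON and no longer matches the text the sender transmitted. The log line that follows says the message goes on to validation; if that step re-parses `body` or checks a digest over it (not visible here), it would fail or compare against the wrong text. Keeping the decoded text, e.g. `body_text = str(request.body, encoding='UTF-8')` inside the `try` and then `body = body_text,`, preserves the original payload while still rejecting malformed JSON up front. The `IncomingMessage(...)` call starts outside the hunk.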
@@ -84,35 +83,28 @@ class TestInbox(TestCase):
 @httpretty.activate
 def test_malformed_json(self):
- HUMAN_URL = 'https://users.example.com/my-dame'
- ANIMAL_URL = 'https://animals.example.com/a-lame-tame-crane'
+ keys = json.load(open('tests/keys/keys-0001.json', 'r'))
- mock_remote_object(HUMAN_URL, ftype='Person')
- mock_remote_object(ANIMAL_URL, ftype='Person')
+ body, headers = test_message_body_and_headers(
+ f_actor = REMOTE_FRED,
+ secret = keys['private'],
+ )
+
+ broken_json = json.dumps(body)[1:]
 c = Client()
-
- c.post('/sharedInbox',
- content_type = 'application/activity+json',
- data = {
- "id": "https://example.net/hello-world",
- "actor": HUMAN_URL,
- "object": ANIMAL_URL,
- "type": "Like",
- },
+ result = c.post(
+ path = INBOX_PATH,
+ content_type = headers['content-type'],
+ data = broken_json,
+ HTTP_DATE = headers['date'],
+ HOST = headers['host'],
+ HTTP_SIGNATURE = headers['signature'],
 )
- return
- self.assertTrue(
- IncomingMessage.objects.all().exists())
-
- IncomingMessage.objects.all().delete()
-
- text = text[1:] # remove leading {, so the JSON is invalid
-
- c.post('/sharedInbox',
- content_type = 'application/activity+json',
- data = text,
+ self.assertEqual(
+ result.status_code,
+ 415, # unsupported media type
 )
 self.assertFalse(
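Review bot: `test_malformed_json` asserts only that `result.status_code` is 415, but the view returns 415 both for an unsupported content type and for invalid JSON, so the test passes even if the request is rejected before the JSON parser runs. Adding `self.assertEqual(result.reason_phrase, 'Invalid JSON')` pins the branch under test. The key file is also read with a bare `open(...)` that is never closed; `with open('tests/keys/keys-0001.json', 'r') as f: keys = json.load(f)` avoids the leaked handle. The trailing `self.assertFalse(` call continues outside the hunk.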