diff --git a/privatemsg.module b/privatemsg.module
index a09ef17..9f8c48b 100644
--- a/privatemsg.module
+++ b/privatemsg.module
@@ -2656,12 +2656,20 @@ function privatemsg_privatemsg_recipient_type_info() {
 'load' => 'privatemsg_user_load_multiple',
 'format' => 'privatemsg_username',
 'autocomplete' => 'privatemsg_user_autocomplete',
+ 'write callback' => '_privatemsg_recipient_user_write_permission',
 // Make sure this comes always last.
 '#weight' => 50,
 ),
 );
 }
+function _privatemsg_recipient_user_write_permission($recipient) {
+ if (is_object($recipient) && isset($recipient->uid)) {
+ return user_access('write privatemsg') && ($recipient->uid == 1 || user_access('read privatemsg', $recipient) || user_access('administer privatemsg settings', $recipient));
+ }
+ else return TRUE;
+}
+
 /**
 * Implements callback_recipient_autocomplete().
 */
diff --git a/privatemsg.test b/privatemsg.test
index 3b0d47f..4441549 100644
--- a/privatemsg.test
+++ b/privatemsg.test
@@ -242,6 +242,7 @@ class PrivatemsgTestCase extends PrivatemsgBaseTestCase {
 $author = $this->drupalCreateUser(array('write privatemsg', 'select text format for privatemsg', filter_permission_name(filter_format_load('full_html'))));
 $recipient = $this->drupalCreateUser(array('read privatemsg'));
 $recipient2 = $this->drupalCreateUser(array('read privatemsg', 'write privatemsg'));
+ $recipient3 = $this->drupalCreateUser(array());
 // Login author and go to new message form.
 $this->drupalLogin($author);
@@ -259,6 +260,12 @@ class PrivatemsgTestCase extends PrivatemsgBaseTestCase {
 'subject' => $this->randomName(20),
 'body[value]' => $this->randomName(100),
 );
+ // Recipient with no read privatemsg permission.
+ $editnoreadpermision = array(
+ 'recipient' => $recipient3->name,
+ 'subject' => $this->randomName(20),
+ 'body[value]' => $this->randomName(100),
+ );
 // No recipients.
 $editnone = array(
 'recipient' => '',
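Review bot: `_privatemsg_recipient_user_write_permission()` in privatemsg.module fails open: when `$recipient` is not an object or has no `uid`, the `else return TRUE;` branch allows the write instead of refusing it. The callback appears to be attached to the user recipient type, so a recipient that does not look like an account is unexpected there and is safer denied, e.g. `else { return FALSE; }`, unless a caller is known to rely on the permissive default; the braces also match Drupal coding standards. The explicit `$recipient->uid == 1` test looks redundant, since Drupal 7's `user_access()` already returns TRUE for user 1. The function also has no docblock; a short one stating that it returns whether the current user may write to `$recipient`, and that the recipient needs 'read privatemsg' or 'administer privatemsg settings', would document the access rule. The new function is complete within the hunk, while the enclosing `privatemsg_privatemsg_recipient_type_info()` begins outside it.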
@@ -317,6 +324,9 @@ class PrivatemsgTestCase extends PrivatemsgBaseTestCase {
 $this->drupalPost('messages/new', $edit2, t('Send message'));
 $this->assertText(t('A message has been sent to @recipients.', array('@recipients' => implode(', ', array($recipient->name, $recipient2->name)))), 'Message sent confirmation displayed.');
+ $this->drupalPost('messages/new', $editnoreadpermision, t('Send message'));
+ $this->assertText(t('You must include at least one valid recipient.'), 'Message not sent to user with no read permissions.');
+
 $this->drupalPost('messages/new', $editnone, t('Send message'));
 $this->assertText(t('To field is required.'), 'Message was not sent.');
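Review bot: The added assertion only covers a message whose sole recipient lacks 'read privatemsg'; nothing here exercises a mixed list, where a permitted and an unpermitted name are submitted together, which is the case where a message could still reach a user who should not receive it. A second post with `$recipient->name . ', ' . $recipient3->name` as the recipient value, asserting that only the permitted user is named in the confirmation, would pin that behaviour. The variable `$editnoreadpermision`, introduced in the previous hunk of this file, is misspelled; `$editnoreadpermission` would read better. The enclosing test method starts and ends outside the hunk.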