diff --git a/node/api_relay.go b/node/api_relay.go
index e7ac306..eb3ce53 100644
--- a/node/api_relay.go
+++ b/node/api_relay.go
@@ -37,12 +37,19 @@ type RelayConfig struct {
 //	DELETE /relay/inbox/{envID}    ?pub=<x25519hex>
 //	GET    /relay/contacts         ?pub=<ed25519hex>
 func registerRelayRoutes(mux *http.ServeMux, rc RelayConfig) {
-	mux.HandleFunc("/relay/send", relaySend(rc))
-	mux.HandleFunc("/relay/broadcast", relayBroadcast(rc))
-	mux.HandleFunc("/relay/inbox/count", relayInboxCount(rc))
-	mux.HandleFunc("/relay/inbox/", relayInboxDelete(rc))
-	mux.HandleFunc("/relay/inbox", relayInboxList(rc))
-	mux.HandleFunc("/relay/contacts", relayContacts(rc))
+	// Writes go through withSubmitTxGuards: per-IP rate limit (10/s, burst 20)
+	// + 256 KiB body cap. Without these, a single attacker could spam
+	// 500 envelopes per victim in a few seconds and evict every real message
+	// via the mailbox FIFO cap.
+	mux.HandleFunc("/relay/send", withSubmitTxGuards(relaySend(rc)))
+	mux.HandleFunc("/relay/broadcast", withSubmitTxGuards(relayBroadcast(rc)))
+
+	// Reads go through withReadLimit: per-IP rate limit (20/s, burst 40).
+	// Protects against inbox-scraping floods from a single origin.
+	mux.HandleFunc("/relay/inbox/count", withReadLimit(relayInboxCount(rc)))
+	mux.HandleFunc("/relay/inbox/", withReadLimit(relayInboxDelete(rc)))
+	mux.HandleFunc("/relay/inbox", withReadLimit(relayInboxList(rc)))
+	mux.HandleFunc("/relay/contacts", withReadLimit(relayContacts(rc)))
 }
 
 // relayInboxList handles GET /relay/inbox?pub=<hex>[&since=<ts>][&limit=N]