diff --git a/mailer/views.py b/mailer/views.py
index 888bb64..8af2676 100644
--- a/mailer/views.py
+++ b/mailer/views.py
@@ -29,6 +29,13 @@ def get_queryset(self):
         return Groups.objects.filter(user=self.request.user.id)
 
     def post(self, request, *args, **kwargs):
+
+        if not request.user.is_authenticated:
+            return Response(
+                {'error':'permission denied.'},
+                status=status.HTTP_401_UNAUTHORIZED
+            )
+        
         if (
             Groups.objects.filter(user=request.user.id)
             .filter(name=request.data.get("name"))