diff --git a/changelog.d/7260.bugfix b/changelog.d/7260.bugfix
new file mode 100644
index 000000000000..9e50b56f2336
--- /dev/null
+++ b/changelog.d/7260.bugfix
@@ -0,0 +1 @@
+Fix room publish permissions not being checked on room creation.
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index df3e0cff6718..3d10e4b2d91b 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -645,6 +645,13 @@ def create_room(self, requester, config, ratelimit=True, creator_join_profile=No
                 check_membership=False,
             )
 
+        if is_public:
+            if not self.config.is_publishing_room_allowed(user_id, room_id, room_alias):
+                # Lets just return a generic message, as there may be all sorts of
+                # reasons why we said no. TODO: Allow configurable error messages
+                # per alias creation rule?
+                raise SynapseError(403, "Not allowed to publish room")
+
         preset_config = config.get(
             "preset",
             RoomCreationPreset.PRIVATE_CHAT