diff --git a/common/messages/client.go b/common/messages/client.go
index b40c582..edb7115 100644
--- a/common/messages/client.go
+++ b/common/messages/client.go
@@ -6,6 +6,8 @@ package messages
 import (
 	"encoding/json"
 	"fmt"
+
+	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/nat"
 )
 
 const ClientVersion = "1.0"
@@ -73,8 +75,14 @@ func DecodeClientPollRequest(data []byte) (*ClientPollRequest, error) {
 		return nil, fmt.Errorf("no supplied offer")
 	}
 
-	if message.NAT == "" {
-		message.NAT = "unknown"
+	switch message.NAT {
+	case "":
+		message.NAT = nat.NATUnknown
+	case nat.NATUnknown:
+	case nat.NATRestricted:
+	case nat.NATUnrestricted:
+	default:
+		return nil, fmt.Errorf("invalid NAT type")
 	}
 
 	return &message, nil
diff --git a/common/messages/messages_test.go b/common/messages/messages_test.go
index abb978d..a38746b 100644
--- a/common/messages/messages_test.go
+++ b/common/messages/messages_test.go
@@ -22,7 +22,7 @@ func TestDecodeProxyPollRequest(t *testing.T) {
 			{
 				//Version 1.0 proxy message
 				"ymbcCMto7KHNGYlp",
-				"",
+				"unknown",
 				"unknown",
 				0,
 				`{"Sid":"ymbcCMto7KHNGYlp","Version":"1.0"}`,
diff --git a/common/messages/proxy.go b/common/messages/proxy.go
index 3817c04..83606d3 100644
--- a/common/messages/proxy.go
+++ b/common/messages/proxy.go
@@ -7,9 +7,18 @@ import (
 	"encoding/json"
 	"fmt"
 	"strings"
+
+	"git.torproject.org/pluggable-transports/snowflake.git/v2/common/nat"
 )
 
-const version = "1.2"
+const (
+	version = "1.2"
+
+	ProxyStandalone = "standalone"
+	ProxyWebext     = "webext"
+	ProxyBadge      = "badge"
+	ProxyUnknown    = "unknown"
+)
 
 /* Version 1.2 specification:
 
@@ -116,12 +125,28 @@ func DecodePollRequest(data []byte) (sid string, proxyType string, natType strin
 		return
 	}
 
-	natType = message.NAT
-	if natType == "" {
-		natType = "unknown"
+	switch message.NAT {
+	case "":
+		message.NAT = nat.NATUnknown
+	case nat.NATUnknown:
+	case nat.NATRestricted:
+	case nat.NATUnrestricted:
+	default:
+		err = fmt.Errorf("invalid NAT type")
+		return
 	}
 
-	return message.Sid, message.Type, natType, message.Clients, nil
+	// we don't reject polls with an unknown proxy type because we encourage
+	// projects that embed proxy code to include their own type
+	switch message.Type {
+	case ProxyStandalone:
+	case ProxyWebext:
+	case ProxyBadge:
+	default:
+		message.Type = ProxyUnknown
+	}
+
+	return message.Sid, message.Type, message.NAT, message.Clients, nil
 }
 
 type ProxyPollResponse struct {