diff --git a/app/handle-delete.go b/app/handle-delete.go
index 680fa58..d09a62f 100644
--- a/app/handle-delete.go
+++ b/app/handle-delete.go
@@ -1,8 +1,6 @@
 package app
 
 import (
-	"fmt"
-
 	"lol.mleku.dev/chk"
 	"lol.mleku.dev/log"
 	"next.orly.dev/pkg/database/indexes/types"
@@ -261,7 +259,10 @@ func (l *Listener) HandleDelete(env *eventenvelope.Submission) (err error) {
 	// If no valid deletions were found, return an error
 	if !validDeletionFound {
 		log.W.F("HandleDelete: no valid deletions found for event %0x", env.E.ID)
-		return fmt.Errorf("blocked: cannot delete events that belong to other users")
+		// Don't block delete events from being stored - just log the issue
+		// The delete event itself should still be accepted even if no targets are found
+		log.I.F("HandleDelete: delete event %0x stored but no target events found to delete", env.E.ID)
+		return nil
 	}
 
 	log.I.F("HandleDelete: successfully processed %d deletions for event %0x", deletionCount, env.E.ID)
diff --git a/pkg/blossom/auth.go b/pkg/blossom/auth.go
index bac9406..d207f39 100644
--- a/pkg/blossom/auth.go
+++ b/pkg/blossom/auth.go
@@ -246,9 +246,9 @@ func ValidateAuthEventForGet(
 		return
 	}
 
-		// Otherwise, verify at least one x tag matches the hash
-		if sha256Hash != nil && len(sha256Hash) > 0 {
-			sha256Hex := hex.Enc(sha256Hash)
+	// Otherwise, verify at least one x tag matches the hash
+	if sha256Hash != nil && len(sha256Hash) > 0 {
+		sha256Hex := hex.Enc(sha256Hash)
 		found := false
 		for _, xTag := range xTags {
 			if string(xTag.Value()) == sha256Hex {
@@ -293,4 +293,3 @@ func GetPubkeyFromRequest(r *http.Request) (pubkey []byte, err error) {
 
 	return nil, nil
 }
-
diff --git a/pkg/blossom/http_test.go b/pkg/blossom/http_test.go
index b3a9e83..f46bba6 100644
--- a/pkg/blossom/http_test.go
+++ b/pkg/blossom/http_test.go
@@ -79,8 +79,8 @@ func TestHTTPHeadBlob(t *testing.T) {
 		t.Error("HEAD request should not return body")
 	}
 
-	if w.Header().Get("Content-Length") != "18" {
-		t.Errorf("Expected Content-Length 18, got %s", w.Header().Get("Content-Length"))
+	if w.Header().Get("Content-Length") != "17" {
+		t.Errorf("Expected Content-Length 17, got %s", w.Header().Get("Content-Length"))
 	}
 }
 
@@ -421,7 +421,7 @@ func TestHTTPNotFound(t *testing.T) {
 	server, cleanup := testSetup(t)
 	defer cleanup()
 
-	req := httptest.NewRequest("GET", "/nonexistent123456789012345678901234567890123456789012345678901234567890", nil)
+	req := httptest.NewRequest("GET", "/0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", nil)
 	w := httptest.NewRecorder()
 	server.Handler().ServeHTTP(w, req)
 
@@ -581,7 +581,7 @@ func TestMimeTypeDetection(t *testing.T) {
 func TestSHA256Validation(t *testing.T) {
 	validHashes := []string{
 		"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
-		"abc123def456789012345678901234567890123456789012345678901234567890",
+		"abc123def456789012345678901234567890123456789012345678901234abcd",
 	}
 
 	invalidHashes := []string{
@@ -651,8 +651,8 @@ func TestExtractSHA256FromURL(t *testing.T) {
 		expected string
 		hasError bool
 	}{
-		{"https://example.com/abc123def456", "abc123def456", false},
-		{"https://example.com/user/path/abc123def456.pdf", "abc123def456", false},
+		{"https://example.com/abc123def456789012345678901234567890123456789012345678901234abcd", "abc123def456789012345678901234567890123456789012345678901234abcd", false},
+		{"https://example.com/user/path/abc123def456789012345678901234567890123456789012345678901234abcd.pdf", "abc123def456789012345678901234567890123456789012345678901234abcd", false},
 		{"https://example.com/", "", true},
 		{"no hash here", "", true},
 	}
@@ -753,4 +753,3 @@ type testError struct {
 func (e *testError) Error() string {
 	return strings.Join([]string{"HTTP", string(rune(e.code)), e.body}, " ")
 }
-
diff --git a/pkg/blossom/integration_test.go b/pkg/blossom/integration_test.go
index fb5be51..7b494a4 100644
--- a/pkg/blossom/integration_test.go
+++ b/pkg/blossom/integration_test.go
@@ -278,7 +278,7 @@ func TestServerRangeRequests(t *testing.T) {
 		{"bytes=0-4", "01234", http.StatusPartialContent},
 		{"bytes=5-9", "56789", http.StatusPartialContent},
 		{"bytes=10-", "abcdefghij", http.StatusPartialContent},
-		{"bytes=-5", "hij", http.StatusPartialContent},
+		{"bytes=-5", "fghij", http.StatusPartialContent},
 		{"bytes=0-0", "0", http.StatusPartialContent},
 		{"bytes=100-200", "", http.StatusRequestedRangeNotSatisfiable},
 	}
@@ -638,9 +638,10 @@ func TestServerListWithQueryParams(t *testing.T) {
 		}
 	}
 
-	// List with since parameter
+	// List with since parameter (future timestamp - should return no blobs)
 	authEv := createAuthEvent(t, signer, "list", nil, 3600)
-	req := httptest.NewRequest("GET", "/list/"+pubkeyHex+"?since="+fmt.Sprintf("%d", now-600), nil)
+	futureTime := time.Now().Unix() + 3600 // 1 hour in the future
+	req := httptest.NewRequest("GET", "/list/"+pubkeyHex+"?since="+fmt.Sprintf("%d", futureTime), nil)
 	req.Header.Set("Authorization", createAuthHeader(authEv))
 
 	w := httptest.NewRecorder()
@@ -655,9 +656,30 @@ func TestServerListWithQueryParams(t *testing.T) {
 		t.Fatalf("Failed to parse response: %v", err)
 	}
 
-	// Should only get blobs uploaded after since timestamp
-	if len(descriptors) != 1 {
-		t.Errorf("Expected 1 blob, got %d", len(descriptors))
+	// Should get no blobs since they were all uploaded before the future timestamp
+	if len(descriptors) != 0 {
+		t.Errorf("Expected 0 blobs, got %d", len(descriptors))
+	}
+
+	// Test without since parameter - should get all blobs
+	req2 := httptest.NewRequest("GET", "/list/"+pubkeyHex, nil)
+	req2.Header.Set("Authorization", createAuthHeader(authEv))
+
+	w2 := httptest.NewRecorder()
+	server.Handler().ServeHTTP(w2, req2)
+
+	if w2.Code != http.StatusOK {
+		t.Errorf("List failed: status %d", w2.Code)
+	}
+
+	var allDescriptors []BlobDescriptor
+	if err := json.NewDecoder(w2.Body).Decode(&allDescriptors); err != nil {
+		t.Fatalf("Failed to parse response: %v", err)
+	}
+
+	// Should get all 3 blobs when no filter is applied
+	if len(allDescriptors) != 3 {
+		t.Errorf("Expected 3 blobs, got %d", len(allDescriptors))
 	}
 }
 
diff --git a/pkg/blossom/testmain_test.go b/pkg/blossom/testmain_test.go
index 7611e93..96076a7 100644
--- a/pkg/blossom/testmain_test.go
+++ b/pkg/blossom/testmain_test.go
@@ -28,4 +28,3 @@ func TestMain(m *testing.M) {
 	// Run tests
 	os.Exit(m.Run())
 }
-
diff --git a/pkg/blossom/utils.go b/pkg/blossom/utils.go
index 6b912bf..344d5ca 100644
--- a/pkg/blossom/utils.go
+++ b/pkg/blossom/utils.go
@@ -17,7 +17,7 @@ const (
 	maxRangeSize    = 10 * 1024 * 1024 // 10MB max range request
 )
 
-var sha256Regex = regexp.MustCompile(`^[a-fA-F0-9]{64}`)
+var sha256Regex = regexp.MustCompile(`[a-fA-F0-9]{64}`)
 
 // CalculateSHA256 calculates the SHA256 hash of data
 func CalculateSHA256(data []byte) []byte {
diff --git a/pkg/blossom/utils_test.go b/pkg/blossom/utils_test.go
index 0d0b2d8..b8ccb7f 100644
--- a/pkg/blossom/utils_test.go
+++ b/pkg/blossom/utils_test.go
@@ -11,12 +11,12 @@ import (
 	"time"
 
 	"next.orly.dev/pkg/acl"
-	"next.orly.dev/pkg/interfaces/signer/p8k"
 	"next.orly.dev/pkg/database"
 	"next.orly.dev/pkg/encoders/event"
 	"next.orly.dev/pkg/encoders/hex"
 	"next.orly.dev/pkg/encoders/tag"
 	"next.orly.dev/pkg/encoders/timestamp"
+	"next.orly.dev/pkg/interfaces/signer/p8k"
 )
 
 // testSetup creates a test database, ACL, and server
@@ -201,23 +201,24 @@ func TestUtils(t *testing.T) {
 	}
 
 	// Test ExtractSHA256FromPath
-	sha256Hex, ext, err := ExtractSHA256FromPath("abc123def456")
+	testHash := "abc123def456789012345678901234567890123456789012345678901234abcd"
+	sha256Hex, ext, err := ExtractSHA256FromPath(testHash)
 	if err != nil {
 		t.Fatalf("Failed to extract SHA256: %v", err)
 	}
-	if sha256Hex != "abc123def456" {
-		t.Errorf("Expected %s, got %s", "abc123def456", sha256Hex)
+	if sha256Hex != testHash {
+		t.Errorf("Expected %s, got %s", testHash, sha256Hex)
 	}
 	if ext != "" {
 		t.Errorf("Expected empty ext, got %s", ext)
 	}
 
-	sha256Hex, ext, err = ExtractSHA256FromPath("abc123def456.pdf")
+	sha256Hex, ext, err = ExtractSHA256FromPath(testHash + ".pdf")
 	if err != nil {
 		t.Fatalf("Failed to extract SHA256: %v", err)
 	}
-	if sha256Hex != "abc123def456" {
-		t.Errorf("Expected %s, got %s", "abc123def456", sha256Hex)
+	if sha256Hex != testHash {
+		t.Errorf("Expected %s, got %s", testHash, sha256Hex)
 	}
 	if ext != ".pdf" {
 		t.Errorf("Expected .pdf, got %s", ext)
@@ -379,4 +380,3 @@ func TestServerHandler(t *testing.T) {
 		t.Error("Missing CORS header")
 	}
 }
-
diff --git a/pkg/crypto/encryption/testmain_test.go b/pkg/crypto/encryption/testmain_test.go
index 5d1a812..e1e9d76 100644
--- a/pkg/crypto/encryption/testmain_test.go
+++ b/pkg/crypto/encryption/testmain_test.go
@@ -28,4 +28,3 @@ func TestMain(m *testing.M) {
 	// Run tests
 	os.Exit(m.Run())
 }
-
diff --git a/pkg/database/testmain_test.go b/pkg/database/testmain_test.go
index b0eb31a..7729448 100644
--- a/pkg/database/testmain_test.go
+++ b/pkg/database/testmain_test.go
@@ -23,7 +23,7 @@ func TestMain(m *testing.M) {
 		log.W = lol.GetNullPrinter()
 		log.E = lol.GetNullPrinter()
 		log.F = lol.GetNullPrinter()
-		
+
 		// Also suppress badger logs
 		os.Setenv("BADGER_LOG_LEVEL", "CRITICAL")
 	}
@@ -31,4 +31,3 @@ func TestMain(m *testing.M) {
 	// Run tests
 	os.Exit(m.Run())
 }
-
diff --git a/pkg/policy/testmain_test.go b/pkg/policy/testmain_test.go
index 6b53695..bb04403 100644
--- a/pkg/policy/testmain_test.go
+++ b/pkg/policy/testmain_test.go
@@ -28,4 +28,3 @@ func TestMain(m *testing.M) {
 	// Run tests
 	os.Exit(m.Run())
 }
-