diff --git a/CHANGES.rst b/CHANGES.rst
index 340267f540..73e2613c5b 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -13,7 +13,7 @@ https://github.com/zopefoundation/Zope/blob/4.x/CHANGES.rst
 - Enable ZMI History tab for ``OFS.Image.File``.
   (`#396 <https://github.com/zopefoundation/Zope/pull/396>`_)
 
-- Fix error messages from spam/pen test requests.
+- Fix requests from spam/pentests to return BadRequest/400 errors
 
 - Fix a ``ResourceWarning`` emitted when uploading large files.
   (`#1242 <https://github.com/zopefoundation/Zope/issues/1242>`_)
diff --git a/src/ZPublisher/BaseRequest.py b/src/ZPublisher/BaseRequest.py
index d685c1556a..b9ca0d8288 100644
--- a/src/ZPublisher/BaseRequest.py
+++ b/src/ZPublisher/BaseRequest.py
@@ -469,8 +469,11 @@ def traverse(self, path, response=None, validated_hook=None):
                             # Zope2 doesn't set up its own adapters in a lot
                             # of cases so we will just use a default adapter.
                             adapter = DefaultPublishTraverse(object, self)
-
-                    object, default_path = adapter.browserDefault(self)
+                    try:
+                        object, default_path = adapter.browserDefault(self)
+                    except NotImplementedError:
+                        # Often from ViewNotCallableError
+                        return response.notFoundError(URL)
                     if default_path:
                         request._hacked_path = 1
                         if len(default_path) > 1: