Comment 2 for bug 595166

Robert Collins (lifeless) wrote :

From the dup: """curtis says: The message is spam. It was sent from a compromised email account:
    https://answers.launchpad.net/launchpad-registry/+question/130282

The violation is question.id and message.id. The rfc822msgid was reused in the spam attack.

The AnswerTrackerHandler.process() method uses messageset.fromEmail() to create a message object, but fromEmail() is also a lookup method. Since the rfc822msgid was reused, the first attack message was retrieved instead of creating a new one. Question.addComment() failed because the message associated with rfc822msgid already exists. fromEmail() is used by both the answers and the bug handlers and both assume the message was created.

Both answers and bugs mail processes could try looking up the message by rfc822msgid first or verify the message is not already linked. I suppose the latter is preferable since this kind of attack is rare."""
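The failure mode described in the comment above, as an added example that is not part of the original comment and not Launchpad's code: a create-or-lookup `from_email()` returns the stored message when a Message-ID is reused, so a handler that assumes a fresh message hits the uniqueness violation, while a handler that first verifies the message is not already linked does not. All class and function names here are hypothetical stand-ins, and the Message-ID is a constructed sample.

```python
# Simplified stand-ins (hypothetical names), not Launchpad's own classes.
class DuplicateLink(Exception):
    """Plays the role of the (question.id, message.id) uniqueness violation."""


class MessageSet:
    def __init__(self):
        self._by_msgid = {}

    def from_email(self, rfc822msgid, body):
        """Create a message, or return the stored one if the Message-ID is known."""
        if rfc822msgid not in self._by_msgid:
            self._by_msgid[rfc822msgid] = {"rfc822msgid": rfc822msgid, "body": body}
        return self._by_msgid[rfc822msgid]


class Question:
    def __init__(self):
        self.messages = []

    def is_linked(self, message):
        return any(m is message for m in self.messages)

    def add_comment(self, message):
        if self.is_linked(message):
            raise DuplicateLink(message["rfc822msgid"])
        self.messages.append(message)


def process_assuming_new(messages, question, msgid, body):
    """Handler that assumes from_email() always created a fresh message."""
    question.add_comment(messages.from_email(msgid, body))
    return "linked"


def process_checked(messages, question, msgid, body):
    """Handler that verifies the message is not already linked before linking."""
    message = messages.from_email(msgid, body)
    if question.is_linked(message):
        return "duplicate-ignored"
    question.add_comment(message)
    return "linked"


if __name__ == "__main__":
    ms, q = MessageSet(), Question()
    msgid = "<constructed-1@example.invalid>"  # constructed sample Message-ID
    print(process_checked(ms, q, msgid, "first mail"))
    print(process_checked(ms, q, msgid, "second mail, same id"))
```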