diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index a8881a31ec6..bb2ad455ac0 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -247,7 +247,7 @@ module Email
 def create_post_action(email_log, type)
 PostActionCreator.new(email_log.user, email_log.post).perform(type)
- rescue PostAction::AlreadyActed => e
+ rescue Discourse::InvalidAccess, PostAction::AlreadyActed => e
 raise InvalidPostAction.new(e)
 end
diff --git a/lib/post_action_creator.rb b/lib/post_action_creator.rb
index 3d84b44d9f1..e995db1a298 100644
--- a/lib/post_action_creator.rb
+++ b/lib/post_action_creator.rb
@@ -7,7 +7,7 @@ class PostActionCreator
 end
 def perform(action)
- guardian.ensure_post_can_act!(@post, action, taken_actions: PostAction.counts_for([@post], @user)[@post.id])
+ guardian.ensure_post_can_act!(@post, action, taken_actions: PostAction.counts_for([@post].compact, @user)[@post.try(:id)])
 PostAction.act(@user, @post, action)
 end
diff --git a/spec/components/email/receiver_spec.rb b/spec/components/email/receiver_spec.rb
index d5c20be381f..796ce440d4d 100644
--- a/spec/components/email/receiver_spec.rb
+++ b/spec/components/email/receiver_spec.rb
@@ -364,6 +364,14 @@ This is a link http://example.com"
 expect(PostAction.count).to eq before_count
 expect(replied_user_like).to be_present
 end
+
+ it "does not allow unauthorized happiness" do
+ post.trash!
+ before_count = PostAction.count
+ expect { receiver.process }.to raise_error(Email::Receiver::InvalidPostAction)
+ expect(PostAction.count).to eq before_count
+ expect(replied_user_like).to_not be_present
+ end
 end
 describe "like.eml" do
diff --git a/spec/components/post_action_creator_spec.rb b/spec/components/post_action_creator_spec.rb
new file mode 100644
index 00000000000..0348aec6b82
--- /dev/null
+++ b/spec/components/post_action_creator_spec.rb
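Review bot: The widened `rescue` in `create_post_action` folds an authorization denial and a duplicate action into the same `InvalidPostAction`, and nothing on the line says why `Discourse::InvalidAccess` can be raised on this path. A short comment above the rescue would record it, e.g. `# InvalidAccess: the post is gone or the sender may not act on it (e.g. trashed post)`. The original exception is passed to `InvalidPostAction.new(e)`, so the cause is presumably still available to whatever handles the error; how that handler reports the failure back to the sender is not visible in this hunk.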
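Review bot: The nil-post case in `perform` is handled only indirectly: `[@post].compact` and `@post.try(:id)` keep the argument expression from raising, and the denial then depends on `ensure_post_can_act!` rejecting a nil post, which is defined outside this diff. An explicit guard as the first line of the method puts the authorization decision where a reader looks for it: `raise Discourse::InvalidAccess unless @post`. With that guard in place the call can go back to `[@post]` and `@post.id`, and `counts_for` is never reached for a missing post.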
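Review bot: The example name `does not allow unauthorized happiness` does not say what is being tested; the scenario is a like arriving by email for a post that has been trashed. A descriptive name such as `it "does not create a like for a trashed post" do` makes the regression this guards against findable later. The example covers only the deleted-post path; a sender who is not permitted to act on an existing post would be a second case worth adding, if the fixtures in this file allow it.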
@@ -0,0 +1,22 @@
+require 'rails_helper'
+require 'post_action_creator'
+
+describe PostCreator do
+ let(:user) { Fabricate(:user) }
+ let(:post) { Fabricate(:post) }
+ let(:group) { Fabricate(:group) }
+ let(:like_type_id) { PostActionType.types[:like] }
+
+
+ describe 'perform' do
+ it 'creates a post action' do
+ expect { PostActionCreator.new(user, post).perform(like_type_id) }.to change { PostAction.count }.by(1)
+ expect(PostAction.find_by(user: user, post: post, post_action_type_id: like_type_id)).to be_present
+ end
+
+ it 'does not create an invalid post action' do
+ expect { PostActionCreator.new(user, nil).perform(like_type_id) }.to raise_error(Discourse::InvalidAccess)
+ end
+ end
+
+end
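Review bot: The new spec opens with `describe PostCreator do`, but every example exercises `PostActionCreator`; the line should read `describe PostActionCreator do`. `let(:group)` is never referenced in the file and can be dropped. The negative example passes a literal `nil` post only, so it pins the nil handling rather than the authorization check itself; an example with a real post the user is not allowed to act on would cover that.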