You know, another strategy might be to do some sort of a diff calculation on incoming mail, and if it appears to be, within a certain tolerance for error, approximately equal to one of the past five messages you received, block it.

This could be made even more secure if you also implement session management (CGI::Session, for example), and even more secure if you also require logins. But again each level of additional protection means additional assumptions about the end user, and/or additional hoops for the end user to jump through.