diff --git a/lib/guardian/post_guardian.rb b/lib/guardian/post_guardian.rb
index 06ab6a4fc..3d1aa9c6f 100644
--- a/lib/guardian/post_guardian.rb
+++ b/lib/guardian/post_guardian.rb
@@ -13,7 +13,8 @@ module PostGuardian
       return false if action_key == :notify_moderators && !SiteSetting.enable_private_messages
 
       # we allow flagging for trust level 1 and higher
-      (is_flag && @user.has_trust_level?(TrustLevel[1]) && not(already_did_flagging)) ||
+      # always allowed for private messages
+      (is_flag && not(already_did_flagging) && (@user.has_trust_level?(TrustLevel[1]) || post.topic.private_message?)) ||
 
       # not a flagging action, and haven't done it already
       not(is_flag || already_taken_this_action) &&
diff --git a/spec/components/guardian_spec.rb b/spec/components/guardian_spec.rb
index cd0cc20aa..7ed933bd8 100644
--- a/spec/components/guardian_spec.rb
+++ b/spec/components/guardian_spec.rb
@@ -75,11 +75,17 @@ describe Guardian do
         Guardian.new(user).post_can_act?(post, :like).should be_truthy
       end
 
-      it "returns false for a new user flagging something as spam" do
+      it "returns false for a new user flagging a standard post as spam" do
         user.trust_level = TrustLevel[0]
         Guardian.new(user).post_can_act?(post, :spam).should be_falsey
       end
 
+      it "returns true for a new user flagging a private message as spam" do
+        post.topic.archetype = Archetype.private_message
+        user.trust_level = TrustLevel[0]
+        Guardian.new(user).post_can_act?(post, :spam).should be_truthy
+      end
+
       it "returns false for a new user flagging something as off topic" do
         user.trust_level = TrustLevel[0]
         Guardian.new(user).post_can_act?(post, :off_topic).should be_falsey