Apple can detect this, but they’ve allowed it in most cases when it’s done with an Apple ID in good standing and some history.
Why they allowed it is anyone’s guess, but the leading theory is that they valued not hindering established customers over locking iMessage completely down and perhaps the bad PR that comes with banning someone’s Apple ID over this.
Well they could block the client itself, independent of blocking the Apple ID. It's the client that sends the serial information. Your Apple ID only gets associated with it indirectly.
Why they allowed it is anyone’s guess, but the leading theory is that they valued not hindering established customers over locking iMessage completely down and perhaps the bad PR that comes with banning someone’s Apple ID over this.