Now we would be validating authentication token

lib/gitlab/email/receiver.rb

@@ -91,9 +91,6 @@ module Gitlab
                                               authentication_token
       end
 
-      # Find the first matched user in database from email From: section
-      # TODO: Since this address could be forged, we should have some kind of
-      #       auth token attached somewhere to verify the identity better.
       def message_sender
         @message_sender ||= message.from.find do |email|
           user = User.find_by_any_email(email)