...
Every user who received a feedback request, gets an email with a unique link containing a UUID. This The link contains a UUID which initializes their feedback session . CORE is not able to link a UUID back to a user and hence the privacy of the participant can be guaranteedduring which the UUID value is mapped to a feedback_id. This id is used for 'authentication'. Only users with a valid and existing UUID code can provide feedback. This check is done during initialization of the Feedback model as illustrated below.
See: Core_Model_Feedback::_init()
...