diff --git a/src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php b/src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php
--- a/src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php
+++ b/src/applications/settings/panel/PhabricatorEmailAddressesSettingsPanel.php
@@ -165,6 +165,11 @@
     $user = $this->getUser();
     $viewer = $this->getViewer();
 
+    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
+      $viewer,
+      $request,
+      $this->getPanelURI());
+
     $e_email = true;
     $email   = null;
     $errors  = array();
@@ -276,6 +281,11 @@
     $user = $this->getUser();
     $viewer = $this->getViewer();
 
+    $token = id(new PhabricatorAuthSessionEngine())->requireHighSecuritySession(
+      $viewer,
+      $request,
+      $this->getPanelURI());
+
     // NOTE: You can only delete your own email addresses, and you can not
     // delete your primary address.
     $email = id(new PhabricatorUserEmail())->loadOneWhere(