You can manage the permissions of the MSMQ queue, including those who (the Windows user / group) can send to the queue. If you want to encrypt a message, MassTransit at least and probably NServiceBus, you can enter your own serializer.
In most cases, I am familiar with messages from reliable sources. If you receive messages from external sources, they will go through some kind of entry point, for example, a web service, before they get into the queue system. The governing bodies that exist within the organization are often enough.
Finally, the โsenderโ is displayed in the MSMQ header. I don't know if this is available in NServiceBus, but as long as you can access it from the MSMQ.NET shell. I doubt that this is out of the question.