In my opinion, making it a general requirement would be a bit too much. I haven't seen it happen quite as often as you have. What is more, I don't see hostile parties exploiting this to cause harm on a regular basis ;)
But I agree we could recommend to the user to always log in and use the webtracker if writing messages to us. If an user registers a new project, she is added to the mail recipients automatically. So if anybody else tries to mimic him, he should be able to object "I did not write this!" in due time.
