In sensitive environments, PGP signatures or similar key-based systems can be used to authenticate the sender. These cryptographic systems validate your identity because only the sender has the right keys. However, few people use PGP for general email communications and it does not authenticate you with new acquaintances.
With free email services, disabling an imposter becomes more difficult. In most cases, you must authenticate yourself before the hosting provider will take action, but not to open the account. For example, anyone can register a Yahoo! Mail account using your name. If Yahoo! Mail has an email account that is impersonating you, then you can fill out their abuse form. This form requires you to describe the incident and identify yourself.
In contrast to Yahoo!, Gmail requires you to print out the imposter's email and mail it to them through the postal service. Gmail offers no method for submitting an online complaint about an imposter.
Although sites such as Yahoo! and Gmail do provide options for refuting and disabling an imposter's account, other public mailing systems are not as responsive. For example, Hushmail allows people to report abuse. However, they will not investigate abuse complaints (other than spam complaints) and refuse to disable any imposter's account without a court order.
Since Hushmail does not authenticate during enrolment and does not remove abusive accounts, you should personally verify the sender's identity before responding. Any email from "hushmail.com", "hush.com", "hush.ai", etc., could be an imposter. While Hushmail does use PGP for email authentication, this only validates that the email was sent using Hushmail; it does not validate the person who opened the Hushmail account.
External authentication is one option to mitigate the impact from general email impersonations. Build a reputation around a known email address and maintain a website that can quickly be used to identify you. If your emails always come from "mydomain.org", emails from some other domain should be suspect.
Mitigating mailing lists
While an imposter's email account can be disabled, the damage from posted messages is usually permanent. While some mailing lists will remove messages from their archives, most will not. And even if the message is removed, many mailing lists are mirrored; an imposter's posting could live indefinitely on hundreds of archive sites. Exposing the imposter by posting to the list or informing the list manager, is usually enough to mitigate any damage.
Unfortunately, some unmoderated forums have a large number of imposters. Contesting an imposter may not be worthwhile; if many people are impersonated, then malicious postings are usually suspect without any feedback from you. In addition, any identification of an imposter could be overlooked in high-volume forums.
Web of lies
Along with impersonating email addresses, imposters can create fictitious websites. Yahoo! Mail includes web space at Geocities, Gmail includes Googlepages, and there are thousands of other hosting providers. The inability to authenticate an owner opens the door to impersonations such as phishing; anyone can create a web page that looks like Citibank and anyone can register a domain name similar to "citibank.com". No validation required.
Refuting a fake website really depends on the type of impersonation and the hosting location. Companies such as Yahoo! and Google are extremely responsive to phishing reports. Due to well-organised efforts by groups such as the Anti-Phishing Working Group, reported phishing sites are usually taken down within hours, and sometimes within minutes. If the hosting site is non-responsive, then network routers can restrict access to these sites until the phishing site is removed.
While web impersonations usually refer to companies, they can also apply to individual people. Unfortunately, if the site is impersonating a person - and not a company - then refuting the site becomes more complicated. Yahoo! Geocities links web pages to email accounts. If you can refute the Yahoo! email account, then you can disable the imposter's web page. In general, your ability to refute a fake web page really depends on the hosting provider. Look at their site for a method to report abuse and be prepared to validate that you really are you.
Next page: Invading my space
What about the "upside"?
Has anyone considered the up-side to this? Now you can confidently go into that next interview with your resume packed full of made-up stuff, and it will be easily validated when the employer does a google to check. All you need do is simply create lots of MySpace etc. etc. web pages by people who don't exist, fill them with rubbish about how brilliant you are and all the great things you've done, and you have instant validation. So while someone with a grudge can make you look bad, you can also make yourself look very good. Google is not a source of "trusted" information!
If an employer is serious about checking references etc, they should just try picking up the phone and calling the companies you claim to have worked for!
Who cares? People have been overly aggressive in marketing themselves since the beginning of time. If you're good at the job you got with your false credentials, it's obvious that the experience wasn't necessary anyway. It only matters if you can't pull the job off.
"Recently, a 15-year-old impersonated Australia's ABC Television and sent a DMCA counter-notice to YouTube. YouTube responded by sending infringement notices to users and many video clips were removed. (This begs the question, why couldn't Viacom get this kind of response?)"
Gee... could it be because said 15-yo sent a politely-worded legal notice of infringement while Viacom slapped a lawsuit on YouTube?
Could politeness be more effective than bullying?