The only way to know who sent a transaction is to create a unique address for it.
If you use blockchain.info messages, you are trusting a centralised entity to tell you, and forcing your customers to use a centralised wallet.
The "sign message" feature only supports signing with addresses (ie, proving you can receive), there is no current way to sign as a sender of a transaction.
Bitcoin-Qt 0.9 will be adding support for the payment protocol to make this kind of thing simpler.
Well.. I don't fundamentally disagree with you, but a few things:
1, the address they're sending money to for the Electronic Frontier Foundation donation is a paper wallet generated offline.
2, I don't think they're technically my customers... contestants maybe?
3, blockchain.info does support sweeping private keys, but I think the sweeping of private keys was in referecnce to the destination address, which I already said was a paper wallet that was generated offline. But I have been drinking so I could be wrong.
4, I like blockchian.info...
5, I love you damn developers and all your coding hobnobery! cant wait for 0.9.
... and about 0.9... I went through a lot of freaking effort incorporating pgp signed addresses in my site. Is 0.9 pretty much going to nuke that effort?
Anyhow, good luck everyone! 
