Welcome to WebmasterWorld Guest from 220.127.116.11
There's no total defense; just be utterly honest with Google when it happens, and they'll try to clear it up.
I've suggested - more than once - that we be allowed to register sites we intend to place code on; our id would then fail to work on all other domains. Hopefully, it'll happen one day, and remove an avoidable problem.
[edited by: Quadrille at 2:23 pm (utc) on July 29, 2007]
...we're starting to test a new feature that would let publishers choose between allowing any site to display ads with their pub-ID (no change from the current system), and authorizing only a specific list of sites to display their ads. This is separate from the existing Site Authentication feature.
I'll believe it when I see it.
I always wonder what's preventing it; if they can do it for password pages, it can't be rocket science to do it for plain vanilla. But Adsense publishers are always trumped by the Adwords agenda, which keeps prices low by maximising outlets. Even if they're scrapers or MFA.
However, this feature will come; my 'incident' took a fair few minutes of human time, and I doubt Adsense 'identity theft' scams are rare.
Sooner or later, someone at Google is going to recognise the logic of automating to reduce the wasted time of 100% avoidable disputes.
Hopefully before Christmas ;)