You can't verify that a specific person sent the money to you by matching addresses. That's just the way the system works. See this discussion:
http://forum.bitcoin.org/?topic=2273.0

The workaround to this problem is that the recipient sets up a new receive address for every client. That way, when money shows up in the account, the recipient knows who it's from.
Good point. I straight away assumed the received address meant the sender's address; rather, it is just the address those BTC were at previously.
The workaround you describe is a viable idea; however, I'm not sure what the theoretical limit on the number of unique addresses per machine is, but I suppose for transactions like these they probably own many computers.
There are 26 characters in the alphabet, so that gives us 52 characters upper + lower case. Then add in 0-9, which totals 62 characters for any place in the address. The address is 34 characters long. Thus, we have 62 possibilities on 34 places, or 62^34 different possible addresses (8.7*10^60). In other words, they aren't going to run out, and the chances of having two identical addresses are practically 0, even if there are billions of billions (10^18) of addresses in the wild, which would take practically forever to create (even at 1 billion addresses per second, it would take 30 years).
The workaround is the currently accepted method of making sure that the sender is the right person, and from a technical standpoint it will work for as long as BTC is around.
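The per-client receive-address workaround described in this thread, written out as an added example (not code from any poster or from the Bitcoin project). The point the thread makes twice is encoded in the ledger: a payment is attributed by the address it was paid *to* (an address we issued to exactly one client), and the transaction's inputs, which only say where the coins previously sat, are ignored entirely. `placeholder_address`, `Tx`, `ReceiveLedger` and the sample transactions are all constructed for this example; in a real deployment the address would come from the wallet rather than from a random string generator.

```python
"""Per-client receive addresses: attribute incoming payments by the
address they were paid TO, never by the address the coins came FROM."""
from collections import defaultdict, namedtuple
import secrets

# A transaction as the ledger sees it (constructed shape for this example):
# inputs name the addresses the coins previously sat at, NOT who sent them;
# outputs name where the coins go now, as (address, satoshis) pairs.
Tx = namedtuple("Tx", ["txid", "inputs", "outputs"])

# The 62-symbol alphabet the thread reasons about.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"


def placeholder_address():
    """Stand-in for a wallet's 'give me a new address' call (assumption: a
    real deployment asks the wallet instead). Produces a random 34-character
    string over ALPHABET; it is NOT a valid Bitcoin address."""
    return "".join(secrets.choice(ALPHABET) for _ in range(34))


class ReceiveLedger:
    def __init__(self, address_source=placeholder_address):
        self._new_address = address_source
        self._owner = {}                    # address -> client id
        self._balances = defaultdict(int)   # client id -> satoshis received
        self._seen_txids = set()            # guard against crediting a tx twice
        self.unattributed = []              # (txid, address, satoshis) we never issued

    def new_invoice_address(self, client_id):
        """Hand the client a fresh address that only they are told about."""
        while True:
            addr = self._new_address()
            # Collisions are astronomically unlikely, but the check is free.
            if addr not in self._owner:
                self._owner[addr] = client_id
                return addr

    def credit(self, tx):
        """Credit a confirmed transaction. Returns {client_id: satoshis credited}.
        tx.inputs are deliberately never consulted: they say nothing about the payer."""
        if tx.txid in self._seen_txids:
            return {}                       # replay of an already-credited tx
        self._seen_txids.add(tx.txid)
        credited = defaultdict(int)
        for addr, amount in tx.outputs:
            client = self._owner.get(addr)
            if client is None:
                # Paid to an address we did not issue: cannot be matched to anyone.
                self.unattributed.append((tx.txid, addr, amount))
                continue
            self._balances[client] += amount
            credited[client] += amount
        return dict(credited)

    def balance(self, client_id):
        return self._balances[client_id]


if __name__ == "__main__":
    ledger = ReceiveLedger()
    alice_addr = ledger.new_invoice_address("alice")
    bob_addr = ledger.new_invoice_address("bob")
    # Constructed sample: coins that last sat at an unrelated address pay Alice's
    # invoice, and a second output goes to an address we never handed out.
    tx1 = Tx("tx-0001", ["1UnrelatedPrevAddr"],
             [(alice_addr, 50_000), ("1SomeoneElse", 20_000)])
    print(ledger.credit(tx1))       # {'alice': 50000}
    print(ledger.credit(tx1))       # {} because the same txid is ignored on replay
    print(ledger.balance("bob"))    # 0
    print(ledger.unattributed)      # [('tx-0001', '1SomeoneElse', 20000)]
```

Two details matter operationally: every invoice gets its own address (never reuse one across clients, or attribution collapses), and crediting is keyed on the txid so that re-scanning the chain or receiving a duplicate notification does not double-credit a client.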