I'm sorry my homepage is out of date; thanks for the reminder. It seems like it's been a decade or so since I updated it.
I normally check signatures when downloading a new key, particularly as a way of distinguishing between multiple keys available on a keyserver. But I don't have a way to force other people who are writing to me to do that, and apparently at least the Enigmail users often don't.
Edit: Erinn is a more cautious PGP user than I am (with an extraordinarily important key!), but I expect she also has no way of forcing people to check that they have the right key when e-mailing her.
Including your key signature everywhere you post your email address (homepage, business card, email signature, etc.) is a good practice. It's not perfect, but it's better than teaching users to go straight to a keyserver.
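The check that practice enables, as an added example rather than code from anyone in this thread: recompute the OpenPGP v4 fingerprint of a key fetched from a keyserver (RFC 4880 section 12.2: SHA-1 over 0x99, a two-octet length, and the public-key packet body) and compare it with the fingerprint printed on the homepage or business card. The key material below is constructed (a toy 64-bit RSA modulus, an arbitrary creation time), so the fingerprint it yields means nothing beyond the illustration; the second key shares the modulus but not the creation time, which is enough to give it a different fingerprint and key ID.

```python
"""Recompute an OpenPGP v4 key fingerprint and compare it with a published one.

Added example for this thread; not code from any commenter. Key material is
constructed (a tiny RSA modulus, never use anything like it), so the resulting
fingerprint is meaningless except as an illustration of the check.
"""
import hashlib
import hmac
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit count, then big-endian bytes (RFC 4880 s3.2)."""
    bit_len = value.bit_length()
    return struct.pack(">H", bit_len) + value.to_bytes((bit_len + 7) // 8, "big")


def rsa_v4_public_key_body(created: int, n: int, e: int) -> bytes:
    """Body of a version-4 RSA public-key packet (RFC 4880 s5.5.2):
    version 4, 4-byte creation time, algorithm id 1 (RSA), MPI n, MPI e."""
    return bytes([4]) + struct.pack(">I", created) + bytes([1]) + mpi(n) + mpi(e)


def v4_fingerprint(body: bytes) -> str:
    """RFC 4880 s12.2: SHA-1 over 0x99, the two-octet body length, and the body.
    Returned as 40 upper-case hex digits, the way gpg prints it minus the spaces."""
    if len(body) > 0xFFFF:
        raise ValueError("public-key packet body too long for a two-octet length")
    return hashlib.sha1(bytes([0x99]) + struct.pack(">H", len(body)) + body).hexdigest().upper()


def long_key_id(fingerprint: str) -> str:
    """The 64-bit key ID is the low 8 bytes of the fingerprint (the 32-bit short ID the low 4).
    Keyservers are searched by ID or address; neither proves which key is the right one."""
    return fingerprint[-16:]


def normalize_fingerprint(text: str) -> str:
    """Strip the spaces and colons people put in published fingerprints; fold case."""
    return "".join(text.split()).replace(":", "").upper()


def fingerprint_matches(published: str, key_body: bytes) -> bool:
    """True only if the full 160-bit fingerprint of the fetched key equals the published one."""
    return hmac.compare_digest(normalize_fingerprint(published), v4_fingerprint(key_body))


def format_for_business_card(fingerprint: str) -> str:
    """Group into ten 4-digit blocks, the layout gpg uses when printing fingerprints."""
    return " ".join(fingerprint[i:i + 4] for i in range(0, 40, 4))


# Constructed sample key: toy 64-bit modulus, e=65537, arbitrary creation time.
SAMPLE_CREATED = 1_400_000_000
SAMPLE_BODY = rsa_v4_public_key_body(SAMPLE_CREATED, 0xC4F7_1B2E_9A03_5D61, 65537)

# Constructed second key, same modulus but a different creation time: different fingerprint.
OTHER_BODY = rsa_v4_public_key_body(SAMPLE_CREATED + 1, 0xC4F7_1B2E_9A03_5D61, 65537)


if __name__ == "__main__":
    fp = v4_fingerprint(SAMPLE_BODY)
    card = format_for_business_card(fp)
    print("published fingerprint:", card)
    print("long key id:          ", long_key_id(fp))
    print("fetched key matches:  ", fingerprint_matches(card, SAMPLE_BODY))
    print("other key matches:    ", fingerprint_matches(card, OTHER_BODY))
```

The comparison is deliberately over the whole fingerprint: a key ID, short or long, is just a suffix of it, and two keys that both claim the same e-mail address will happily share an address while differing in every byte that matters.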
I check up on you from time to time. Virtunova's been offline for ages as well.
I'm kicking around ways of making email more reliable; one option that occurs to me is key negotiation at transmit time, or as part of the delivery process. That is: a user's home mailserver would be key-aware. Though that too is subject to skulduggery.
The point of Web of Trust is to only trust keys that other people you know have also signed. Everything else is garbage until proven otherwise.
Key servers are untrustworthy because anyone can upload random shit to them.
Trying to shift WoT to a third party is trying to get something for free that doesn't emphasize solving the problem: getting everyone you know signing keys of only other people they know.
https://en.wikipedia.org/wiki/Seth_Schoen
His hopelessly out-of-date homepage: http://www.loyalty.org/~schoen/
That said, yes, PGP has a notable failing in that there's no reliable method for repudiating a key, particularly one generated by a hostile party.
If you've hung on to your key revocation certificate you can revoke a key you have generated. But that's only a small part of the battle.