unless you are willing to scrap all existing certs and start over from scratch, you can't just ban everyone who doesn't do enough checking.
besides, you need to define what 'enough' checking is.
if someone presents a legal document that says they own a business in some obscure country, should they be allowed to get a cert for the name? how can you tell for sure that the people you are talking to are the ones who you really should be talking to? in this day of outsourcing IT projects, it's very likely that the people running the webservers are not part of the company that actually owns the name.
do you want a fax of a letterhead? I can make up a letterhead for any company pretty quickly (if I don't just get the legitimate company to send me some sort of document on letterhead and just scan it to fax it to you).
the big problem right now is that some of the CAs are charging huge amounts of money (up to $1500/cert) and still not doing real checking.
and none of this will do any good if the CA gets broken into (like this CA is claiming) and has the hackers use their infrastructure to sign certs without the approval of the CA.