I tested the plugin and it works (non-WPMU).
I'm not sure if it's WP default behavior or because I have 'cookies for comments' plugin activated, but without Impostercide, the spoof comment went to Spam. With it activated, it went to your notification message.
Unless my blog is set to auto-approve comments, I'm leaning toward thinking it's better to deactivate this plugin because a really clever hacker-type person could figure out which username and/or email address(es) are registered on the blog. Then all they have to figure out is a password.
I'm not saying it's easy to do that, but I think I'd rather let it go to Spam and not "give them a hint".
Even if I did auto-approve comments, apparently it would still end up in Spam and not be approved.
I think the plugin should have a backend configuration that allows the notification message to be edited. Then I would have a bit friendlier message (never using the word Imposter) and wouldn't be as specific about the reason for the error. And, ideally, it would all happen on the same page, but that's not necessary.
Just sharing some thoughts. Appreciate your work on the plugin.