A digitally signed email accomplishes two things. One, it assures the recipient that the email is actually from the person owning the email address (not an email spoof or someone phishing). Two, it sends a public key contained in the digital certificate which allows the recipient to encrypt email sent to you. Once the two people exchange digitally signed emails, all email traffic between them can be encrypted without any effort at all.
Using Thawte's Web-of-Trust, or a similar service, you can get your email identity trusted, whereby a recipient can be assured not only that you are the owner of the email address, but that the email is actually from the named person. If you receive an email that's a spoof, you will know it right away because it won't be digitally signed, or the signature will be invalid. Even if you try to reply to the spoofed email, most likely the email client will inform you that it cannot encrypt the email to the untrusted email address.
[robg adds: We discussed Mail and self-created certificates in this hint.]

