How Secure Email works

How does signed email work?

A signed email is an email with your digital certificate attached. A digital certificate is the electronic counterpart to a driving license or passport. It is issued by a Certification Authority (CA), which plays a role like that of the immigration department.

When your email recipient reads an email with your digital certificate attached, his email client, such as Microsoft Outlook Express or Netscape Messenger, first checks whether the digital certificate matches the sender (you) in the email header. If it does, the client then checks the issuer (CA) of your digital certificate. If it trusts your CA (which requires that the issuer's root certificate was previously accepted into the certificate store of the recipient's email client), it believes the email was truly sent by you. This is similar to showing your passport to a customs official: he trusts that you are a citizen of your country because he trusts the issuer of your passport.

How does an email client come to trust a CA? When an email client accepts the digital certificate (root certificate) of a CA, it starts to trust that CA. Some email clients already trust well-known CAs, such as Verisign and Thawte, whose root certificates come pre-installed in the client's certificate store.

How do email encryption and decryption work?

When you apply for a digital certificate, a pair of user keys, called the public key and the private key, is generated at the same time. These keys can be used in most PKI applications, for example to send an encrypted email message that only the intended recipient can read.

The recipient's public key and private key work as a pair. The sender uses the recipient's public key to encrypt a message. The recipient must use the corresponding private key to decrypt it. An encrypted email message cannot be read until it has been decrypted with the recipient's valid private key.

Potential Danger of Email Decryption

Extreme care must be taken when this technology is used to encrypt email messages. An encrypted message can only be decrypted with the required private key. Because of the very nature of the technology, it might be impossible to recover an encrypted message when the required private key is lost. If for any reason the key pair does not match, the encrypted message can never be recovered.
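
The encryption round trip and the lost-key case described above, as an added example that is not part of the original page. It assumes the openssl command-line tool is installed; the self-signed certificates, the "old"/"new" labels and the message text are constructed stand-ins for CA-issued certificates and real mail.

```shell
#!/bin/sh
# Added example (not from the original page). All names are constructed.

# make_identity LABEL DIR: self-signed certificate and private key.
# A real user would obtain the certificate from a CA instead.
make_identity() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Recipient $1 key" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
}

# encrypt_for CERT IN OUT: the sender needs only the recipient's
# certificate, which carries the public key.
encrypt_for() {
    openssl smime -encrypt -aes256 -binary -in "$2" -out "$3" "$1"
}

# decrypt_with CERT KEY IN: prints the plaintext; returns non-zero when the
# key pair is not the one the message was encrypted to.
decrypt_with() {
    openssl smime -decrypt -recip "$1" -inkey "$2" -in "$3" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_identity old "$dir" && make_identity new "$dir" || { rm -rf "$dir"; return 1; }
    printf 'Contract draft attached.\n' > "$dir/msg.txt"
    encrypt_for "$dir/old.crt" "$dir/msg.txt" "$dir/msg.p7m"

    echo "matching private key:"
    decrypt_with "$dir/old.crt" "$dir/old.key" "$dir/msg.p7m"

    # Simulate losing old.key and enrolling again: the replacement key pair
    # cannot open mail encrypted to the old public key.
    echo "replacement key pair:"
    if decrypt_with "$dir/new.crt" "$dir/new.key" "$dir/msg.p7m"; then
        echo "unexpected: decrypted"; status=1
    else
        echo "decryption failed, message unrecoverable"; status=0
    fi
    rm -rf "$dir"
    return "$status"
}

demo
```

Keeping a protected backup of the private key (old.key in this sketch) is what makes previously received encrypted mail readable after a certificate is replaced.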