Everything needs to be built into the application in a way that users don't notice if they don't care. A signature at the end of your emails is more cryptic than the recipient's email client showing an icon with a green checkmark or something similar. I take Chrome's rollout of tls-enforcement by default as a great example of this. All I would had to say to people was "check that the padlock next to your url bar is green."