Facebook is an interesting example here. If you give them your PGP identity, they will encrypt and sign the emails they send you. So you will know if the email is actually from them.
So technically this is a very solved problem. Facebook unfortunately is very much the exception. It is pretty much impossible to convince entities like your bank to sign their emails.