For it to work in a corporate environment, it must be mandated by the company so that everyone does it, everyone must have a client that supports it, keys must exist and be distributed
Of course in a non-corporate/general-email environment, all of those things won't happen (or at least, not all at the same time), so there is a big chicken-and-egg problem if we require all of that. Fortunately, I don't think we need to require all of that.
then can everyone rely on an unsigned message being invalid
I don't think it is necessary to rely on an unauthenticated message being invalid. An unauthenticated message is just that -- unauthenticated. It might be valid or invalid. If it's something important, the "unauthenticated" flag is an indication to the user that he should verify the message's authenticity using other means (e.g. by calling the boss and asking him about it).
If your boss forgets to sign a message telling you to do something and you ignore it, you better have a company policy backing you up.
You wouldn't ignore it, you'd call the boss (or email him) and ask him if he really sent the message you received.
And hopefully the boss would almost never "forget" to sign an email, because all of his emails would be automatically signed simply as part of the act of sending them from his regular email account.
That puts it in the realm of a social problem, not a technical one. And it does not solve the problem of external sources of email that don't sign anything being the alleged source of the email asking you to "click here" because your train reservation has changed and you need to pay a bit extra.
True, you can't fix stupid. But you can at least make it easier for people to see a difference between a known-authentic email and an email of unproven origin.