So, let me just check your thinking here. Your solution to people not being savvy enough to check the URL that they're using to log in to is to have them learn to use PGP as well as still needing to check the URL that they're using to log in to?
The emails aren't coming from a microsoft.com domain, which means if you work on the same principle that Let's Encrypt work on (which still relies on having a trusted authority, which PGP doesn't provide out of the box) the email client could show green ticks everywhere that the certificate was actually issued to MICR0S0FT-EMAIL-SUPPORT.COM, leading the user to believe that it's genuine. PGP still needs an out-of-band method of verifying the key, which takes me back to my first point, that you're dealing with people who don't understand that they need to check the URL they're using to log in to.