A CA works by issuing a digital certificate after verifying the identity of the requester. This certificate contains a public key and the identity information of the certificate holder. When a recipient receives an email, their email client uses the public key to verify the sender's identity. This process ensures that the email is authentic and has not been altered.