16.04 – Does dpkg support verifying the GPG signature of Debian package files?

I'm trying to enable GPG verification in /etc/dpkg/dpkg.cfg by removing "no-debsig" from this configuration file:

    # Do not enable debsig-verify by default; since the distribution is not using integrated signatures, debsig-verify will reject all packages.
    # no-debsig

Then I tried to download and install some unsigned .deb files on my Ubuntu server, but I can install them normally, with no action (reject, warn) taken afterwards.

So, my question is: assuming that I download a .deb file from the Internet and run "dpkg -i" on it to install it, how can I verify whether it comes from a reliable source or not? I am using Ubuntu Server 16.04. Thank you!
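
As an added example (not part of the original post), the Python sketch below checks the two things the question turns on: whether a `.deb` carries an embedded debsig-style signature at all, and whether `no-debsig` is still active in a dpkg.cfg text. It assumes the debsig convention that signatures are stored as `ar` members whose names begin with `_gpg` (for example `_gpgorigin`); the helper names and the sample archives are constructed for illustration, and the check reports presence only, it does not validate any signature.

```python
AR_MAGIC = b"!<arch>\n"

def ar_members(data):
    """Return the member names of an ar archive (a .deb is an ar archive)."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    names, pos = [], len(AR_MAGIC)
    while pos + 60 <= len(data):
        header = data[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        # Name field is 16 bytes, space padded; GNU ar appends a trailing "/".
        names.append(header[:16].decode("ascii").rstrip().rstrip("/"))
        size = int(header[48:58].decode("ascii").strip())
        pos += 60 + size + (size & 1)  # member data is padded to an even length
    return names

def embedded_signatures(data):
    """Names of debsig-style signature members (assumed prefix: _gpg)."""
    return [n for n in ar_members(data) if n.startswith("_gpg")]

def debsig_disabled(cfg_text):
    """True if an uncommented 'no-debsig' line is present in dpkg.cfg text."""
    return any(line.strip() == "no-debsig" for line in cfg_text.splitlines())

def build_ar(members):
    """Build a constructed ar archive with placeholder payloads (demo only)."""
    out = AR_MAGIC
    for name, body in members:
        out += b"%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (
            name.encode("ascii"), 0, 0, 0, b"100644", len(body))
        out += body + (b"\n" if len(body) & 1 else b"")
    return out

# Constructed samples: same layout as a .deb, payloads are placeholders.
BASE = [("debian-binary", b"2.0\n"), ("control.tar.gz", b"ctl"),
        ("data.tar.gz", b"data")]
UNSIGNED = build_ar(BASE)
SIGNED = build_ar(BASE + [("_gpgorigin", b"placeholder-signature")])

if __name__ == "__main__":
    for label, blob in (("unsigned", UNSIGNED), ("signed", SIGNED)):
        sigs = embedded_signatures(blob)
        print(label, "->", sigs if sigs else "no embedded signature members")
    print("no-debsig active:", debsig_disabled("# no-debsig\n"))
```

To run the check on a real package, read the file in binary mode and pass the bytes to `embedded_signatures`.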