S/MIME signing/verifying of email v9.411-3

Question

Hello 
 Any guidance would be appreciated please. 
 Our emails are signed with S/MIME certs from an external CA. 
 When I send an email it is delivered with a (example from Thunderbird) of some sort to show that the email is signed, and clicking on it gives the certificate detail etc. 
 When I send an email to an internal user (defined on the Internal Users tab) the cert is removed and there is no way of knowing that the email was sent by an internal user or spoofed. 
 I've played with these options turning them on and off: 
 
 But the only way to get the back in the emails is to remove the email recipient from the "Internal Users" tab. 
 Am I missing something?? 
 Thanks in advance for any help.

S1P · Answer

Hello 
 I just wanted to post an update for the benefit of the community now that Sophos Support have made their decision: 
 " Hello Simon, This is regarding your service request number 7042903, which you have opened with us. As informed earlier that by design.S/Mime signing and verification only works on outbound messages, I am closing this service request today. I would further request you to raise a feature request for the same by going to ideas.sophos.com Thank you for your patience and understanding. " 
 So, it is by design that email is not signed or encrypted with S/MIME certs for email between internal users?!? I thought Sophos say "Dance like no one's watching. Encrypt like everyone is." 
 I still think this is a secuirty issue/bug and not a feature request. Unfortunately I don't think I will be paying for Premium Support in the future.