This is already possible with available tools, for free or close-to-free.

1) You need a server to act as the incoming gateway, so that incoming mail is isolated from locally-originated mail.   SmarterMail Free edition works well for this purpose.    If your main installation is supported, SmarterMail will answer support questions that apply to the incoming gateway as well.

2) Integrate Declude from MailsBestFriend into your incoming gateway.   Among other skills, it can add your choice of a Subject prefix, a body header, or a body footer.   Declude is also free, at least for now.   You should also buy their modestly-priced support services to build a relationship.   If you are currently using only the built-in spam filtering within SmarterMail, you should check out the commercial products that they offer as well.

3) Build better mail filters into your email defenses, so that the spoofed stuff does not get through in the first place.   Declude does a lot of things well, but its most important attribute is that it is customizable with programs or scripts that you create.   I have customized it extensively.  Between its built-in capabilities and the customization, I am able to control my mail flow in ways that could never be achieved with the commercial appliances that we have used for 15 years.   I still use the commercial spam filter because I cannot reproduce its capabilities for content filtering.  But that appliance only looks at the stuff that Declude has not discarded.

 

I have been told that a large body of research says that "Trust Indicators" are ineffective.   My only actual research information is this very interesting article:

https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-hu.pdf 

In summary, it says that there was a positive effect from use of trust indicators in their experiment, but the benefit is not as great as one might hope.  

Nonetheless, any benefit is good, and no one has asserted that Trust Indicators produce counter-productive results.   I have no information to indicate which approach to Trust Indicators will be most effective.

Many mail user agents have taken to hiding the From address, making it visible only on request.  As best I have been able to tell, there is no legitimate reason for them to do so.   By specification, an email address can be up to 320 characters and I believe developers have unilaterally and incorrectly decided that they need the space for other purposes.    I think the "External" tag is a direct response to the hidden From address.

+1 - We wish native support was available for this within Smarter Mail turnkey.