We want to add the option to use the autosecure feature in general but without encryption for certain configured (internal) domains.
If all recipients in a mail are from one of the configured domains, autosecure will then only sign and not encrypt the mail.
Adding any recipient not from those domains will cause the autosecure feature to work as before, the mail will be signed and encrypted iff keys are available for all recipients. (The "Secure" button is shown as selected in this case, so that the user can see this before sending the mail.)

• Automation
• …
• Resolve recipient keys automatically
  • Automatically secure messages
    • Also with untrusted keys
    • Do not automatically encrypt (only sign) for these internal domains: [ comma separated list of domains ]

Tooltip for the new option: Exclude mails from automatic encryption if all recipients are from the given domains. The mails will only be automatically signed.

Beware that the user still needs to be able to manually override the sign/encrypt setting before sending.