Thanks tonysperbeck and Tech726 for calling attention to this. I have been trying to troubleshoot this issue with Microsoft Support for several weeks now and have made little to no progress.
As mentioned above, I'm not sure why MS would design the feature to work this way. Possibly this is an oversight. The primary reason for using this technology (or a transport rule or whatever) to "tag" external emails is to help users determine the trustworthiness of an email message. If this feature fails to properly tag a spoofed email as external, arguably THE RISKIEST, MOST LIKELY TO BE MALICIOUS type of external email, then what is the point?
Granted, if you have proper controls in place, SPF, DKIM, DMARC, an email security gateway, etc., spoofed email messages SHOULDN'T make it to an internal user's inbox. However, with any technology, 100% certainty is rare if not impossible. Due to software bugs, misconfigurations, exploits, vulnerabilities, etc., there is ALWAYS a chance a spoofed message will make it through.
That said, I wonder if there is a way to influence or set the IsExternalSender property with a transport rule?