Internal Email Security
More than 70% of email is internal email. That is internal user’s sending email to other internal users. You need to secure internal email for the similar reasons you would secure inbound and outbound email. Some of the aspects you will secure internal email are for;
Spreading of viruses and other threats
Hatemail, sexual harassment, abuse, bullying, and inappropriate mail between employees
Illegal activities between employees, and yes this does happen often!
Spreading of confidential data, HR records, etc.
At the very least you should be filtering internal email for viruses, as well as monitoring and auditing for legal requirements.
To monitor internal email usually vendors provide a plug in as an add on to their email gateway security products. For example with Clearswift's MIMEsweeper you can purchase a plugin and install this on the exchange server. The plugin will capture any internal mail transferred from one mail box to the other on the exchange server. The plugin will then send this on to the spam firewall for scanning.
Without a plugin this can not be done because internal email is transferred from one mail box to another. This is all done within the Exchange server, and so this email never hits the gateway. The spam firewall is sitting to scan inbound and outbound email.