Hi,
We have the same issue and there are two solutions that I am aware of.
1) Enable DMARC along with your SPF. DMARC is designed to check the other headers (Display From) and check for authorized sending servers. It should rectify this.
2) This i...