SPF implementations

I have been using an application called XWall. It's a Spam filter and smart host for use with Microsoft Exchange. Overall it's a 
very impressive and useful program. I recently upgraded to their newer version that has SPF support. After using it for awhile I 
discovered I would like to be able to configure a couple of things and I was surprised at their response.
1. They only look at the HELO/EHLO when the "Mail From:" is <>. Shouldn't it always look at HELO/EHLO? Or at least be a selectable 
parameter?
2. I asked for a configuration option to look at the "From" address and not just the <return-path>. They said they couldn't because 
looking at the "From" address requires a license from Microsoft. I couldn't find anything that would indicate that to be true. I 
know that SenderID in whole may... but just looking at the "From" address???? Does anyone know the answer to this?
The reason I would like to use the "From" address is that I and a number of my users have received email with the <return-path> set 
to a domain that has a valid SPF record, but the "From" address was PayPal.com and so it went right on through. When it reached the 
end user it clearly said it was from PayPal.com in the email client (Outlook) but it actually was not but you had to view the 
headers to tell (my end users are NOT going to do that). SPF loses a LOT of its usefulness if it can't be used to detect spoofed 
addresses. I have another system for my home email server that uses SPF and it looks at both the <return-path> AND the "From" 
address and it works really well at keeping spoofed addresses that have SPF records away from the users. Isn't using SPF on the 
"From" address an acceptable use of SPF?
Thanks
Dennis