Note it is totally worth fixing SPF and SPX records. You will need to also remember if you have any devices MFPs going to open relay you may have to adjust some settings. For record I recommend routing thru your spam filters trusted host senders. Even better if you have radar or other archiving program. You really can't do anything about misleading hyperlink headers. No way to prevent that at all. Just hope the end user spam filter catches it,
A couple things we notice from fixing the records.
1. Some of your employees who were being e-mail spoofed with get some status undeliverable messages from random servers. These are more likely mails the spoofer sent out. Once they realize that the domain and mail is locked down they will stop sending it took less than a week for me. Some clients don't get these. I have not put my finger on why some do or some don't.