I was confused as well.

I was actually thinking of Reply-To which I've now added and that works.
I've been thinking of the email account side of things. What could be done is have a separate email address and password for each end user (or installation). eg. 123@xyz.com, 456@xyz.com, etc.
Each remote device would have those credentials entered by the installer, along with the recipient details. That could give some additional control.
Moving to SSL would seem like a significant effort on a micro. How likely is unauthorised usage (spammers) when using port 25 with authorisation?
The proposed internet connection is a 4G modem.