SPF will not protect the From address from being spoofed. The From address is the email address that recipients actually see in their mail clients. It is also called the RFC5322, friendly from or header-from address.


SPF is a path-based authentication protocol that authenticates the MAIL FROM (also called Return-Path, RFC5321, Envelope-From or bounce address), which is not visible to the recipient unless they look at the metadata of the message. SPF tells receiving mail transfer agents (MTAs) whether the sending IP address is allowed to send on behalf of the domain found in the MAIL FROM address.


Remember that this does NOT authenticate the From address. Anyone can create a domain and an SPF record that authenticates it, and still put whatever they want as the From address in an email. In other words, they can spoof the From address.


To protect the From address correctly, you will have to implement DMARC, as it requires that the domain found in the MAIL FROM align with the From address.
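The alignment check described above, as an added example (not code from the original page): it compares the MAIL FROM domain that SPF authenticates with the From domain the recipient sees. The function names and sample messages are constructed, SPF is assumed to have already passed for the Return-Path domain, and the organizational-domain step is a simplification; the strict and relaxed modes go slightly beyond what the page states.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed messages. Return-Path stands in for the MAIL FROM the receiving MTA recorded.
SPOOFED = (
    "Return-Path: <bounce@mail.unrelated-sender.example>\n"
    'From: "Example Bank" <support@bank.example>\n'
    "Subject: Account notice\n\nbody\n"
)
LEGIT = (
    "Return-Path: <bounces@mail.bank.example>\n"
    'From: "Example Bank" <support@bank.example>\n'
    "Subject: Account notice\n\nbody\n"
)

def domain_of(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return ""
    return addr.rpartition("@")[2].lower().rstrip(".")

def org_domain(domain):
    # Assumption: the last two labels are the organizational domain.
    # Real receivers use the Public Suffix List for this step.
    return ".".join(domain.split(".")[-2:])

def spf_alignment(raw_message, mode="relaxed"):
    """Return (mail_from_domain, from_domain, aligned) for one message."""
    msg = message_from_string(raw_message)
    mail_from = domain_of(msg["Return-Path"])
    header_from = domain_of(msg["From"])
    if not mail_from or not header_from:
        # Empty MAIL FROM (bounces) or missing From: treated as not aligned here.
        return mail_from, header_from, False
    if mode == "strict":
        aligned = mail_from == header_from  # exact domain match
    else:
        aligned = org_domain(mail_from) == org_domain(header_from)
    return mail_from, header_from, aligned

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spf_alignment(raw))
```

The spoofed sample would pass SPF for its own bounce domain yet fails alignment, which is the gap DMARC closes.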