This is correct. It's significantly harder to inject the origin IP into a TCP stream. We have ways [1] of doing it, but it requires some coordination on both sides.
Have you considered enabling this out of band? For example as a network administrator I could verify a CIDR block and receive a real time stream of 5-tuples (err, 7-tuples with the proxy?) destined to my network.