Off the top of my head, you could include your own checksum in the payload. Their code only modifies the address. Nothing would prevent them from reverse engineering checksum, too.

There are ways to detect a replaced/proxied global window function too, and that's another arms race.