This problem is happening a lot lately,
I don't know if there's anything that the Plesk team could do about it to avoid it, but it would be very helpful, because the spoofers/spammers are getting pretty slick in passing SPF, DKIM & DMARC checks
In the meantime, check the headers for this emails. With that info you could:
-Block the actual IP from the actual sender.
-Block the actual domain from the actual sender.
-Write custom spamassassin rule(s) so that the spoof emails get labeled as SPAM.
In my experience, unfortunately there's not a definitive answer to block all spoof emails once and for all, a rule/block that works this week might get bypassed next week.