This appears to be a question of format. Using SIP URI format - anything@anywhere - ui=$1 seems to work fine, but without the @ it does not.
With X_SpoofCallerID = unchecked I tested:
Voice Services > SP1 Service > X_InboundCallRoute:
{ph1,sp2(anything@anywhere)}
This gives CallerID of AuthUserName of sp2.
Voice Services > SP1 Service > X_InboundCallRoute:
{ph1,sp2(anything@anywhere;ui=$1)}
This gives CallerID of the original caller.
Looks like spoofing can be done with With X_SpoofCallerID = unchecked, but only if SIP URI format is used. Another lesson learnt