Finally! I found an easy way to explain WHY DMARC is the only anti-spoofing mechanism
For email IT admins: I finally found the simplest way to explain it!
- A good DNS SPF record
- The use of DKIM signing
will simply help your legitimate emails reach recipients' inboxes more easily.
SPF/DKIM do not provide "ANY" protection against spoofing of your domain.
Yes, people could still pretend to be you and send millions of emails/spam using @yourdomain.com.
Your domain and your brand could be damaged if you do not use DMARC with a policy of p=quarantine or p=reject.
DMARC is the only mechanism (invented in 2012!) that prevents your domain from being spoofed and protects the internet from receiving spam appearing to come from your domain.
If you have no DMARC policy, or p=none, then any amateur on planet Earth can send millions of emails on your behalf, damage your brand, and make your domain end up on blacklists.
If you doubt this, Google it, or use Grok or Reddit r/DMARC to confirm.
The sender that recipients see in their email software or platform, the RFC5322 Header From, has nothing to do with your SPF or DKIM unless you use DMARC properly.
Note for very technical people: during an SMTP session, a mail server can use any domain for the SPF authentication (not yours), then a different domain for DKIM signing (one whose DNS they control), and in the end pretend to be someone@anydomain.com for any domain in the world that does not have a DMARC policy preventing spoofing (no DMARC or p=none allows spoofing). This domain, the one in the sender email address that the recipient sees, is called RFC5322.HeaderFrom.
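The receiver-side decision described in the note above, as an added example (not part of the original post): it shows that passing SPF and DKIM on unrelated domains changes nothing for the visible From domain unless that domain publishes p=quarantine or p=reject. Assumptions: relaxed alignment, a naive "last two labels" organizational domain instead of the Public Suffix List, and made-up names (`Message`, `dmarc_evaluate`, the `.example` domains).

```python
from dataclasses import dataclass
from typing import Optional, Tuple

def org_domain(domain: str) -> str:
    # Simplification: keep the last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    # Relaxed alignment: same organizational domain as the visible From domain.
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Message:
    header_from: str   # domain of the address the recipient sees
    spf_domain: str    # domain that SPF was checked against
    spf_pass: bool
    dkim_domain: str   # d= domain of the DKIM signature
    dkim_pass: bool

def dmarc_evaluate(msg: Message, policy: Optional[str]) -> Tuple[bool, str]:
    """policy: p= value published by the header From domain, None if it has no DMARC record.
    Returns (aligned_pass, action taken by the receiver)."""
    spf_ok = msg.spf_pass and aligned(msg.spf_domain, msg.header_from)
    dkim_ok = msg.dkim_pass and aligned(msg.dkim_domain, msg.header_from)
    if spf_ok or dkim_ok:
        return (True, "deliver")
    if policy in ("quarantine", "reject"):
        return (False, policy)
    return (False, "deliver")  # no record or p=none: the failure is not enforced

# Constructed samples (all domains are made up for this example).
# SPOOFED: SPF and DKIM both pass, but on domains unrelated to the visible From domain.
SPOOFED = Message("brand.example", "bulk-a.example", True, "bulk-b.example", True)
# LEGIT: the domain owner's own mail, authenticated on its own domain.
LEGIT = Message("brand.example", "mail.brand.example", True, "brand.example", True)

if __name__ == "__main__":
    for p in (None, "none", "quarantine", "reject"):
        print(p, dmarc_evaluate(SPOOFED, p), dmarc_evaluate(LEGIT, p))
```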