SPF lets you specify the servers and domains that are allowed to send email for your organization. When receiving mail servers get a message from your organization, they compare the sending server to your list of allowed servers. This lets receiving servers verify the message actually came from you.
DKIMs adds an encrypted digital signature to every message sent from your organization. Receiving mail servers use a public key to read the signature, and verify the message actually came from you. DKIM also prevents message content from being changed when the message is sent between servers.
DMARC tells receiving servers what to do with messages from your organization when they don't pass either SPF or DKIM. DMARC also sends reports that tell you which messages pass or fail SPF and DKIM. These reports help you identify possible email attacks and other vulnerabilities.