DMARC is a protocol that publishes email authentication policies in the DNS to notify recipients how to handle non-aligned messages from a domain. When a domain owner publishes a DMARC policy, they will soon receive reports about emails sent from their domain. SPF is used to protect against spoofed emails by validating the sender, while DMARC ensures the messages are authenticated. Both should be used together based on an organization's security needs.