The following TXT record:
v=DMARC1;p=reject;pct=100;p=reject;adkim=s;aspf=s
at least theoretically, should harden SPF and, if present, DKIM. “=s” means “strict”. According to DMARC documentation, DMARC can be used without DKIM, and experiences with a first setup of the above without DKIM are playing out well so far.