The following TXT record:
v=DMARC1; p=reject; pct=100; adkim=s; aspf=s
at least theoretically, should harden SPF and, if present, DKIM. “=s” means “strict”. According to DMARC documentation, DMARC can be used without DKIM, and experiences with a first setup of the above without DKIM are playing out well so far.
Some info is here: