DMARC
DMARC (or Domain-based Message Authentication, Reporting and Conformance) allows you to publish a specific DNS record for your domain name indicating that you have implemented the DKIM and SPF protocols (it's useless without them) and provides a recommendation on what to do if an email doesn't pass the checks. It also helps recipients notify you of emails received from your domain name, including whether or not they have passed the verifications in question.
To use DMARC you need to add the following record to your domain. Replace the "user@domain.tld" with the email address to which you wish to receive reports from the receiving mail servers.
_dmarc 10800 IN TXT "v=DMARC1; p=reject; rua=mailto:user@domain.tld"
The "p" value in this example means "reject". The three options available are: "none" (no special action taken, but you still receive reports), "quarantine" (the email is considered suspicious and should be placed in a "spam" folder or an equivalent for untrusted mail) and "reject" (the email should be rejected and not delivered).
Warning
If you use the "reject" option, you run the risk of forwarded emails not being delivered, depending on the circumstances. For example, if an individual has set up a Gandimail forwarding so that all incoming emails are forwarded to an email address outside Gandi, there is a risk that those forwarded emails will be rejected by the final recipient.
More information on DMARC can be found on the official DMARC website
https://dmarc.org/