Tom wants his email servers to reject email that is not authenticated in a way to prevent spoofing. Which of the following should he implement?

DMARC, or Domain- based Message Authentication, Reporting, and Conformance, controls how unauthenticated messages are handled by mailbox providers, including quarantining, rejecting, or rejecting messages. SPF (Sender Policy Framework) lists IP addresses of systems allowed to send email in DNS TXT records for a domain. Domain-Keys Identified Mail (DKIM) validates a domain’s identity using a public key pair, validating the authenticity of the sender. TLS (Transport Layer Security) is used to encrypt data in motion.