DMARC is how you define validation, disposition and reporting policies for your domain, and, of more interest to you here, for messages that fail to pass SPF and DKIM (the two of them together).
Between DMARC, SPF and DKIM, it's DMARC that checks if the From: domain matches any of the domains that passed SPF or DKIM. If there's no match, then the DMARC policy you selected is applied.
Without DMARC, an attacker can manipulate SPF to their advantage by using a MAIL FROM domain they control. This would then allow them to use your domain in the From: header. However, to pass DMARC with SPF, they would have to use the same domain in MAIL FROM and in the From: header.
Similarly, attackers can choose to sign messages with whatever DKIM keys they wish. However, to be able to pass DMARC with DKIM, they would have to sign with your From: domain's DKIM keys.
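
The alignment check described above, sketched as an added example that is not part of the original text. `AuthResult`, `dmarc_evaluate` and the sample domains are constructed for illustration, and the organizational-domain helper is a simplification (real evaluators use the Public Suffix List for relaxed alignment).

```python
from dataclasses import dataclass

@dataclass
class AuthResult:
    method: str    # "spf" or "dkim"
    domain: str    # SPF: MAIL FROM domain; DKIM: the signature's d= domain
    passed: bool   # did that check itself pass?

def org_domain(domain: str) -> str:
    # Assumption/simplification: organizational domain = last two labels.
    # Real evaluators derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, strict: bool) -> bool:
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_evaluate(from_domain, results, policy="reject", strict=False):
    """Return (verdict, policy_applied); policy_applied is None on pass."""
    for r in results:
        # A pass only counts if the domain that passed matches From:.
        if r.passed and aligned(from_domain, r.domain, strict):
            return ("pass", None)
    return ("fail", policy)

# Constructed sample messages, all with From: someone@example.com
# 1. SPF and DKIM both pass, but for a domain the sender controls.
SPOOF_OWN_SPF_DKIM = [AuthResult("spf", "attacker.example", True),
                      AuthResult("dkim", "attacker.example", True)]
# 2. Signature claims d=example.com but does not verify (no access to the key).
SPOOF_BAD_SIGNATURE = [AuthResult("spf", "attacker.example", True),
                       AuthResult("dkim", "example.com", False)]
# 3. Legitimate mail whose bounce address is a subdomain of the From: domain.
LEGIT_SUBDOMAIN_BOUNCE = [AuthResult("spf", "bounce.example.com", True)]

if __name__ == "__main__":
    for name, res in [("spoof, own SPF/DKIM", SPOOF_OWN_SPF_DKIM),
                      ("spoof, bad signature", SPOOF_BAD_SIGNATURE),
                      ("legit, relaxed", LEGIT_SUBDOMAIN_BOUNCE)]:
        print(name, dmarc_evaluate("example.com", res))
    print("legit, strict",
          dmarc_evaluate("example.com", LEGIT_SUBDOMAIN_BOUNCE, strict=True))
```

The third sample passes under relaxed alignment but fails under strict alignment, which is why the alignment mode matters when a subdomain is used for bounces.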