SPF
A DNS record listing which servers are allowed to send mail "from" your domain. Receivers compare the connecting IP against the list. Limit: only checks the envelope sender, easy to bypass with a different visible "From".
DKIM
A cryptographic signature on the email body, verified against a public key in your DNS. Limit: it doesn't say which signing domain is authoritative for the visible "From".
DMARC
Ties the two together: SPF or DKIM must pass AND the authenticating domain must align with the visible "From" domain. Adds reporting (rua) so receivers tell you what's happening.
Why all three
SPF without DKIM breaks on forwarding. DKIM without SPF is fine but harder to bootstrap. DMARC without SPF or DKIM has nothing to align against. You want all three.