It's pretty verbose and lengthy, but I recently read the NIST "Trustworthy Email" publication and it did a great job explaining these technologies - Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain Message Authentication, Reporting, and Conformance (DMARC) - that are used for modern email authentication.
Yes I am using sendgrid or some other provider, they do all stuff for you. I like to have control over everything but when you have to send stuff from multuple domains and you have to ask other companies to add SPF and DKIM to their dns and deal with all bs with explaining how it works to other people just pay sendgrid.
If it is for your own domain and you don't have customers for which you send emails on their domains, it is quite easy to set up on your own.
Checkout https://dmarcian.com/. You configure them as the recipient of your xml dmarc reports and they build a nice dashboard with the data. It's free for small stuff.
If you want to use DMARC, you should use an aggregation tool such as ours to process the reports. You typically start with the DMARC policy in 'none' mode, which only enables reporting. Using the reports you verify that all legitimate senders are correctly signing email with DKIM (and preferably are also SPF aligned) before you switch to a 'quarantine' or 'reject' DMARC policy.