You must publish SPF records on your DNS, containing a list of all approved IP addresses that can send emails.
If the sender’s IP matches one on the list, it gets authenticated and is sent to the destination inbox. If it doesn’t match, the email fails authentication and gets rejected by the server.
SPF used to be the best in email security, but it just got WAY better with DMARC. Get your domain fortified with PowerDMARC now!