@brutalbirdie Absolutely... and good choice with Cloudron! And I'll do my best to keep it light.
DMARC is sort of a mashup policy that enforces DKIM and SPF records. Don't run away yet...!
DKIM is a method where each e-mail you send is signed with a private key. When a recipient's server receives your message, it compares that key against a public key that you publish via a DNS record (that way it's available to the entire web). It's one way of verifying that an e-mail actually came from you.
SPF is another policy published via DNS records that tells receiving servers which sender domains and IP addresses they should consider valid senders. It prevents bad actors from spoofing your domain by saying only accept mail from my Cloudron instance which is on my.brutalbirdie.com.
With DMARC, you publish another DNS record that lets receiving servers know you are serious about your e-mail identity. If an e-mail sent by your domain doesn't match a DKIM or SPF record, then you can instruct them to reject or send that message to SPAM folders.
In all, DMARC is another method of building trust for e-mails that are sent. Last year, the FBI reported losses in the billions from impersonated e-mail. By properly adding DMARC to outgoing DNS settings, you'll better protect your recipients and your brand.
Let me know if I missed the mark anywhere for you.