An inbound transport agent for DKIM/SPF/DMARC authentication is provided as an optional component. You can use the authentication/verification result to filter the spoofing emails to spam folder, or even you can use it to reject the email in SMTP service directly.
To learn more detail, please refer to this tutorial:
DKIM/SPF/DMARC Inbound Authentication
See Also
Using DomainKeys/DKIM
Deploy Public Key in DNS server
Test DomainKeys/DKIM signature
Troubleshooting
Using Selector
Using Sender Rule
Server Core and Installer Command Arguments
Appendix - Set up SPF record in DNS server
Appendix - Set up DMARC record
Appendix - Use DkimPowerShell Module in PowerShell