DMARC's job is to tell the recipients server that the message uses SPF and/or DKIM validation, and what to do with the message if the validation fails.
It's idea is to make it easier for servers to communicate with each other by using existing SPF and DKIM records, improving authentication in the process.
DMARC was developed because many email senders have issues using SPF and DKIM records comprehensively. A large percentage of domains do not use either record as a default.
The recipient's end servers are required to balance between accepting or rejecting the email if it's not authenicated and there's no standard for it. That is why SPF and DKIM usage alone does not guarantee anything.