The company's domain will be configured through SPF, DKIM and DMARC records. The third-party vendor will obviously use that domain to send marketing emails.
With DMARC, you can protect your own domain from being misused in phishing attempts. If you receive a phishing email from some other domain then it is the responsibility of the domain’s owner to implement DMARC and protect its users from being ...
No, there is no feature to blacklist any source. However, we remove IP's from the SPF record and we shift the DMARC record to the reject policy to make sure that the spoofed emails do not land in the receiver's inbox.