[simon360]

For SPF and DKIM, yes, you're right - most hosted services will generate those DNS records for you, and validate that they're set correctly in your DNS. But in my experience, they often don't mention DMARC at all, present DKIM as a "hey just do this don't worry about it" (which, given that it's cryptography... yeah, I don't necessarily disagree with that approach, don't scare people off), and often don't provide good SPF practices (~all vs. ?all vs. -all).

On generators, a lot of them left me in an uncanny valley. They were supposed to make everything easier, but didn't explain the basic concepts, so I didn't know the values to even put into the generator. After I nailed down some of the basics, the generators just started making sense.

YMMV. There's an infinite combination of mail hosts/servers, DNS providers, and record generators. Collating all that information the first time can be overwhelming, if DNS or email aren't an area of expertise, but I'm sure there's a low-friction path out there. A Northwest Passage of email security. I'd love to find it.