spf – Whitelisting Email Service for Anti-Spoofing and DMARC

My company uses Anti-Spoofing Protection based on the SPF record and has implemented DMARC. Often our users correspond via a “secure” messaging platform like Proofpoint/ZIX/IronPort from their counterparts. However, when our users respond on those platforms, the platforms respond on their behalf, “spoofing” their emails. At the first level, it fails to reach any of that person’s colleagues if they are on the thread, based on our Anti-Spoofing Protection (which I can whitelist Proofpoint/ZIX/IronPort for by adding their IPs to our SPF record). However, how can I do it for DMARC? Since I don’t have any of those services, I can’t provide them the DKIM key, etc. I’m assuming that just whitelisting in Anti-Spoofing Protection would then fall to failing DMARC next.