For Option A i would create a dictionary called "Authorized_Domains"
add all domains in the dictionary including the @sign, one per line max 1500
then I would create an incoming content sender looking if sender contains list in dictionary then quarantine to a maybe "Unauthorized Domains" for checking.
For Option B you would also create a content filter checking for DMARC verdict in the SMTP header and then edit the header and replace it with whatever you want to have on field Sender: