Add support for looking up DMARC records for a domain.

Review Request #8396 — Created Sept. 13, 2016 and submitted — Latest diff uploaded

Information

Djblets
release-0.9.x
b57add5...

DMARC is a mechanism used by mail servers and other mail software to
decide what to do with e-mails if the sender fails a verification test
(such as if an e-mail address in the From header is spoofed). Many
companies set this to quarantine (e.g., mark as spam) or outright reject
e-mail. Since many of our projects attempt to e-mail on behalf of users
when they interact with our services, this leads to a very bad
experience.

This new support will later allow our e-mail code to be smarter so that
it can decide whether to spoof or not based on the sender domain's DMARC
settings.

There's one public function available for use: get_dmarc_record().
This will fetch the DMARC record for the specified hostname (or the
organizational domain, if not available on that hostname) and return
a parsed version. This data is cached by default, preventing unnecessary
subsequent requests to DNS.

In order to fetch the organization domain, we have to consult the Public
Suffix List from publicsuffix.org. This is a set of rules that match an
arbitrary subdomain (like foo.bar.example.com) to an organization domain
(such as example.com). Since not all organizational domains are that
easy to figure out, the DMARC RFC states that this list must be
consulted. We rebuild the list when packaging or installing, shipping it
with Djblets, and we use a third-party module to parse it.

Unit tests pass.

Tested the functions manually with a handful of domains, each containing
various DMARC configurations (or not), and with and without having to fall
back on organizational domains.
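
The lookup and organizational-domain fallback described in this request, as an added sketch that is not the Djblets implementation. The function names, the four-entry suffix set and the DNS table are constructed for illustration, and wildcard and exception rules from the real Public Suffix List are not handled.

```python
# Added illustration, not Djblets code; every name here is hypothetical.
# Constructed stand-in for the Public Suffix List (no wildcard/exception rules).
SAMPLE_SUFFIXES = {'com', 'org', 'uk', 'co.uk'}
# Constructed TXT records keyed by DNS name, standing in for a resolver.
SAMPLE_DNS = {
    '_dmarc.example.com': ['v=DMARC1; p=reject; sp=quarantine; pct=100'],
    '_dmarc.mail.example.co.uk': ['v=DMARC1; p=none'],
    '_dmarc.example.org': ['v=spf1 -all'],  # TXT data that is not DMARC
}


def organizational_domain(hostname, suffixes=SAMPLE_SUFFIXES):
    """Return the longest matching public suffix plus one label, or None."""
    labels = hostname.lower().rstrip('.').split('.')
    for i in range(len(labels)):
        if '.'.join(labels[i:]) in suffixes:
            # i == 0 means the hostname is itself a public suffix.
            return '.'.join(labels[i - 1:]) if i > 0 else None
    return None


def parse_dmarc(txt):
    """Parse 'tag=value; ...' into a dict; None unless it starts with v=DMARC1."""
    pairs = [part.split('=', 1) for part in txt.split(';') if '=' in part]
    pairs = [(key.strip().lower(), value.strip()) for key, value in pairs]
    if not pairs or pairs[0] != ('v', 'DMARC1'):
        return None
    return dict(pairs)


def lookup_dmarc(hostname, dns=SAMPLE_DNS):
    """Try the hostname, then fall back to its organizational domain."""
    hostname = hostname.lower().rstrip('.')
    candidates = [hostname]
    org = organizational_domain(hostname)
    if org and org != hostname:
        candidates.append(org)
    for domain in candidates:
        found = [parse_dmarc(txt) for txt in dns.get('_dmarc.' + domain, [])]
        found = [record for record in found if record]
        if len(found) > 1:
            return None  # RFC 7489: several DMARC records means no policy
        if found:
            tags = found[0]
            # A record inherited from the organizational domain applies its
            # subdomain policy (sp) when present, otherwise p.
            inherited = domain != hostname
            policy = tags.get('sp', tags.get('p')) if inherited else tags.get('p')
            return {'domain': domain, 'policy': policy, 'tags': tags}
    return None
```

A sender deciding whether it can safely use a user's address in the From header would treat a returned policy of `quarantine` or `reject` as a signal to send from its own domain instead.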
