John Levine

Famous expert

Ithaca, New York

Areas of Expertise:

  • compilers
  • e-mail
  • email
  • spam
  • security
  • consulting
  • speaking
  • writing
John Levine, founder of Taughannock Networks, writes, speaks, and consults on e-mail, the Internet, and other computer topics. He has written over 20 technical books, and is the co-author of O'Reilly's lex & yacc, 2nd Edition and qmail. He's also deeply involved in Internet e-mail in general and spam issues in particular as co-chair of the Internet Research Task Force's Anti-Spam Research Group ( ) and a board member of the Coalition Against Unsolicited Commercial E-mail (

He lives and works in the tiny village of Trumansburg NY ( where he reports that being the municipal sewer commissioner was a much cleaner job than dealing with spammers.

flex & bison flex & bison
by John Levine
August 2009
Print: $29.99
Ebook: $23.99

qmail qmail
by John Levine
March 2004
Print: $34.95
Ebook: $27.99

lex & yacc lex & yacc
by John Levine, Tony Mason, Doug Brown
Second Edition October 1992
Ebook: $23.99

John blogs at:

Dealing with DMARC

June 03 2014

DMARC is an anti-phishing scheme that was repurposed in April to try to deal with the fallout from security breaches at AOL and Yahoo. A side effect of AOL and Yahoo's actions is that a variety of bad things happen to mail that has From: addresses at or, but wasn't… read more

A helpful tip for AOL users

June 03 2014

AOL finally confirmed today that crooks have stolen credentials and address books from some large number of AOL users. (They say 2%, but that's only the ones they know about so far.) So we suggest you take some routine security precautions. Specifically, we recommend that you change your postal address, phone number, employer, date of birth,… read more

AOL has a security hole, and it's our problem

June 03 2014

Two weeks ago I wrote about Yahoo's unfortunate mail security actions. Now it's AOL's turn, and the story, as best as I can piece it together, is not pretty. Yahoo used an emerging system called DMARC, which was intended to fight phishing of often forged domains like A domain owner can publish a… read more

Why do we accept $10 security on $1,000,000 data?

May 24 2014

Last week we heard of yet another egregious security breach at an online provider, as crooks made off with the names, address, and birth dates of eBay users, along with encrypted passwords. They suggest you change your password, which is likely a good idea, and you better also change every other place you used the same password. But… read more

The Authors Guild Enters a Parallel Reality

May 24 2014

I used to say to our audiences: "It is difficult to get a man to understand something when his salary depends on his not understanding it!" - Upton Sinclair, I, Candidate for Governor: And how I Got Licked, (1935), p. 109 In November, the Authors Guild suffered a crushing defeat in… read more

Open Source software is the worst kind except for all of the others

May 24 2014

Heartbleed, for anyone who doesn't read the papers, is a serious bug in the popular OpenSSL security library. Its effects are particularly bad, because OpenSSL is so popular, used to implement the secure bit of https: secure web sites on many of the most popular web servers such as apache, nginx, and lighttpd. A few… read more

Yahoo addresses a security problem by breaking every mailing list in the world

May 17 2014

DMARC is what one might call an emerging e-mail security scheme. It's emerging pretty fast, since many of the largest mail systems in the world have already implemented it, including Gmail, Hotmail/MSN/Outlook, Comcast, and Yahoo. DMARC lets a domain owner make assertions about mail that has their domain in the address on the From:… read more