Programmatic Advertising: Prevent Fraud With ads.txt

In recent years, programmatic advertising has become very popular in the online marketing world. Reason? The automation of advertising sales offers efficient opportunities for marketing messages to individuals on a large scale. Unfortunately, a piece of human control has also been lost with the automation.

You no longer contact the seller directly to purchase advertising space. Moreover, this has led to advanced ways of trading in ad space, where the same ad position is bought and sold multiple times. The consequence? A totally dark ad ecosystem. Moreover, an obscure world is the place where malicious people are only too happy to commit fraud with advertisements.

Increase transparency

Ads.txt, an initiative of IAB Tech Lab that was rolled out in May 2017, should increase transparency within programmatic advertising and give publishers more control over their inventory, to prevent advertising fraud. However, what exactly does ads.txt mean for the online marketer? You read it in this article.

In order to be able to understand the ads.txt standard and why it was developed, I first go more in-depth into how programmatic advertising works and what all that involves. I conclude with an example of how this process can be misused to commit fraud. Then I discuss two practices in the programmatic advertising world that emphasize why ads.txt is so essential. Furthermore, I show using an example how ads.txt will lead to more transparency in the programmatic advertising world.

Programmatic advertising: summary

Programmatic advertising is, in short, the automated purchase of advertising space. It is a complicated process in which different actions are carried out within milliseconds. This process can best be explained by a visual.

As you can see, nine components play a role in a programmatic advertising process.

If a visitor (8) reaches a website (7), the owner of this website (the publisher) can offer advertising space via an advertising network (6), a party that brings supply and demand together (think of Google and Facebook for example) ). The publisher can manage the available advertising space via a Supply Side Platform (SSP) (5) and thus also set the price at which space is available.

On the other side of the process, we have an advertiser (1), or the end customer for whom it is advertised. The advertiser often uses an ad agency or media agency (2) to purchase advertising space. This can be done by using a Demand Side Platform (DSP) (3), to book the campaigns with the desired duration, bids, et cetera. The supply and demand side then converge in an auction (4). This auction determines which party has offered the most and won the advertising space.

In addition to this whole process, there are also parties that only collect data (9), in order to subsequently sell this data again. These are, for example, companies that collect data from forums on a large scale (users) and combine this with other (public) data, so that advertisers can target certain profiles (for example man, 20-45, highly educated and in possession of a car).

How it can go wrong?

Due to the complexity of programmatic advertising, it is unclear what role each party has (or may have). This, therefore, offers malicious people room to commit advertising fraud. An example: the Financial Times (ft.com). The Financial Times sells advertising space through two auctions: Google AdX and TrustX. Fraudsters made it appear as if ft.com was active on about twenty different ad auctions. Even at sales where advertising space for videos was sold, although ft.com does not have advertising space for videos. Ft.com estimates the financial damage of these practices at 1.3 million dollars a month (!).

What is ads.txt and why is it necessary?

The example of the Financial Times above shows that it is important to increase transparency in programmatic advertising. The ads.txt standard has been developed with this in mind. In ‘ads.txt’, ‘ads’ stands for ‘Authorized Digital Sellers’. Ads.txt makes it possible, using a publicly accessible file, to indicate via which account the publisher advertises space directly, and through which organizations/auctions the advertising space is auctioned.

Domain spoofing

The necessity of this standard stems from various practices in the programmatic advertising world, including the spoofing of domains, such as the example of the Financial Times. When spoofing a domain, a fraudster makes it appear as if a random domain is a premium placement. The aim of this is, of course, to earn advertising spend. Advertisers think their ads are displayed on a major publisher website, while in reality, it is on an unwanted website (certain forums, torrent websites, etc.).

Two ways of domain spoofing

Domain spoofing can take place in two ways. The first way is to hijack a user’s browser and enter a piece of code that displays advertisements in this browser. So these ads appear instead of the ads from the publishers themselves.

The second method uses the way publishers send information when calling an ad auction. This is because information is provided to the advertiser utilizing a piece of code (on which website a user is located and on which a bid can be made). This piece of code can be modified by malicious parties to send false information to the ad auction. This way it can be done as if an impression is being auctioned off a premium placement, whereas in reality, this is not the case.

An example of domain spoofing is the Financial Times that was described above.

Domain arbitration

Another reason why the ads.txt standard has been developed is that in the programmatic advertising world the buying and selling of advertising spaces also take place by intermediary parties. This is called domain arbitrage. Domain arbitration is applicable as an intermediary, for example an advertising network where demand (advertisers) and supply (publishers) meet, bulk advertising space can buy up with publishers and with that discount terms, but then this ad space can sell more expensive.

How does ads.txt provide more transparency?

Ads.txt increases transparency by making it clear in a publicly accessible text file via which system a publisher sells advertising space and who can resell it via which networks. Once the publisher has implemented ads.txt, anyone can view this file by placing “/ads.txt” behind the domain. So if you want to see ads.txt from toptut.com, then go to toptut.com/ads.txt in your browser. An example snippet of an ads.txt file:


From the above, the following can be read:

www.toptut.com sells advertising space through various seller accounts. Each line is a separate seller account. Within each line four fields are indicating:

First the domain of the authorized party that can sell advertising space from toptut.com. In this case, that is Google.com.
This party has an associated account ID, which is in the second field.

The third field indicates whether the publisher manages the account (directly) or has it managed via a third party (reseller). In the above example, toptut.com is directly connected to the buttons.

The last field is optional and can be used to provide an ID with which the authorized vendor can be identified with a certification authority such as TAG.

The visual below shows a different situation. A website sells advertising space through three different seller accounts and three different networks. The DSP that an advertiser uses can automatically call the ads.txt files to determine which vendor accounts and ad networks the ad slots are sold on. The advertiser knows which domains, ad networks, and seller accounts are authentic.


What is the status of Ads.txt?

The ads.txt standard is slowly becoming established. In November 2017, for example, almost half of the 10,000 top domains had implemented ads.txt. This increase was partly due to the acceptance of this standard by Google. At the end of 2017, Google indicated that DoubleClick Bid Manager (DBM), AdSense and DoubleClick Campaign Manager (DCM) would support this standard.

Meanwhile, more than 20 percent (16-01-2018) of the top 5,000 Alexa websites uses ads.txt. This standard also seems to be well received in the Netherlands. A sample of some large Dutch publishers shows that the majority have implemented ads.txt.

Restrictions on Ads.txt

Although the ads.txt standard is a good step towards more transparency in the programmatic advertising world, there are still limitations to this standard. The standard has been developed for the web and therefore not usable for mobile apps, for example.

Furthermore, transparency about which parties are authorized vendors is not equal to the elimination of advertising fraud. After all, an authorized vendor can still mix bot traffic (artificial computer traffic instead of traffic between real people) with authentic traffic.

Another limitation of ads.txt is that both DSPs and publishers must implement ads.txt before it affects anything. Otherwise, it is still possible for fraudsters to continue the practices discussed earlier. The last bone network identified by Adform (pdf) also indicates this.

A step forward…

Unfortunately, the ads.txt standard is not a complete solution, given the previously discussed limitations, but it is a step forward. Increasing transparency makes it much more difficult to carry out domain arbitration and other unwanted practices. This makes this type of practice much less profitable and therefore less attractive.

It is essential that advertisers, agencies, and publishers are aware of the ads.txt standard, but especially of the reason why the standard was created. Through awareness, I hope that a requirement will arise to support ads.txt. Advertisers will have to urge agencies to take all possible measures so that their advertisements are displayed on authentic domains. At the same time, agencies will have to push DSPs to support and use the ads.txt standard. Publishers will, in turn, have to support the ads.txt standard as an additional quality characteristic of their inventory.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.