Who’s guilty of domain spoofing in display advertising?

Who’s guilty of domain spoofing in display advertising?
Jeffrey Finch is Co-Founder & Chief Product Officer at Choozle –Easy Digital Advertising®. With nearly 20 years in the digital media space his primary focus has been in the areas of digital advertising, search and social media. He has been a digital marketing and strategy consultant for small to medium-sized businesses for over a decade and has owned and operated several online companies.

Think your brand isn’t vulnerable to domain spoofing? Think again. This kind of advertising fraud affects even top marketers. The click-fraud machine Methbot alone stole millions per day in 2016. 

Despite Choozle’s multi-layered, preventative measures, we occasionally find our ads appearing where we don’t expect them to.

When searching for the culprits of ad fraud, it’s hard to tell what happens in the nebulous transactions between exchanges and inventory suppliers. And therein lies one part of the problem. 

What is domain spoofing?

How it works is a brand or their agency may see the URL for reputablewebsite.com, let’s say the New York Times, but in reality, is buying from a completely unrelated site, like cuter-pets.com. Since a publisher creates the inventory space, the publisher has the power to define the URL, location, and content category that is placed into the bid stream through the supply-side platforms (SSPs). 

How and where does domain spoofing happen?

It can happen anywhere in the supply and distribution chain, but it commonly occurs on the supply side. The ad buying process goes like this. A publisher creates a bid request and sends it to several supply-side platforms and ad exchanges.

What happens next is murky: once in their hands, the ad exchange or supply-side partner can mislead ad buyers into what media and publishers they sell and represent by rewriting the domain name.

Why can’t demand or supply-side platforms detect spoofed domains in real time?

Well, for one, a spoof-catching technology like that doesn’t exist yet (waiting on you, RebelAI). And demand-side platforms (DSPs) can’t tell if a domain name has been rewritten once it’s passed to them. While supply-side partners could help to filter out bogus traffic sent by ad exchanges, getting them to take action against fraudulent sellers is difficult.

the incentive to protect publishers and advertisers against domain spoofing isn’t there

SSPs profit by buying inventory at low prices and then reselling them for more. Meaning, if an SSP wants to purchase cheap but mislabeled inventory purporting to be from the New York Times and then resell it at a much higher price, they can. It will happen if there’s money to be made with little risk of getting caught. The incentive to protect publishers and advertisers against domain spoofing isn’t there.

Then what can be done to prevent it?

The IAB Tech Lab created the ads.txt project to make it harder for fraudulent sellers to tout bogus inventory across ad exchanges. Publishers create lists of suppliers who are authorized to sell their inventory.

Ad buyers send crawlers (remember robots.txt?) to scour publisher sites and collect the lists, and then use the ads.txt files to create filters to identify and bust imposter sites. It’s basically whitelisting for publishers.

Ads.txt is working to remove the financial incentive for SSPs to sell misrepresented media by allowing programmatic ad buyers to create a list of authorized sellers for each participating publisher. While CPMs will rise as frauds are weeded out and supply goes down, advertisers should see an uptick in ad performance. A downside: ads.txt can’t specify if a vendor is authorized to sell in-banner video ads, so it too could be gamed.  

Beyond the Ads.txt project, brands and their agencies must be vigilant about who they do business with and find a demand-side platform that actively monitors inventory. This isn’t just third-party validation tools or taking proactive measures, but also offering complete transparency, so brands and their agencies have the information they need to determine what constitutes quality inventory and the tools to act on those determinations.

But there isn’t one answer for everything.

Ads.txt only works if publishers and ad buyers participate. And, as an advertiser, do you really want to create, implement, and monitor a file on every website where your ads might appear? Yeah, me neither.

there’s value in paying for a few wasted impressions

The industry will take time to reconcile its issues with ad fraud. But, as we learn how to combat these problems, look at it this way: There’s value in paying for a few wasted impressions. Not only is eliminating ad fraud altogether too costly, but it also doesn’t allow for innovation in a changing market or true learning within a programmatic ad campaign. Let’s not forget that failure is often the driver of innovation.

Change and discovery can also happen within a digital ad campaign by “wasting” some money. You’re likely to learn valuable lessons along the way, and in the long run, it will save you time and resources.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *