Domain spoofing remains a huge threat to programmatic
Because programmatic advertising has automated so much of media, more and more marketing dollars are underwriting fraud without advertisers’ knowledge. One major trick unscrupulous publishers are using is domain spoofing. While not exactly new, domain spoofing is getting into the public eye thanks to the rise of fake news.
The recent “Methbot” scheme — which spoofed more than 6,000 premium publishers in the U.S. and generate as much as $5 million in fraudulent revenue per day — was the first public display of this risk. The way it works is that a buyer may see the URL for reputablewebsite.com (be it CNN or Huffington Post or any number of sites out there) but, in reality, is buying from a completely unrelated site, disreputablewebsite.com.
“Methbot was just one form of domain spoofing. It was unfortunately treated as a one-off incident, and industry attention subsequently died off,” said Rick Abell, vp of global publisher development for ad intelligence firm Exponential. “There are many more Methbot-type bots out there that have not yet been detected or reported on that are causing just as much damage.”
Since a publisher creates the bid request by itself, the publisher can put whatever URL, location and content on the page it wants, explained George Levin, CEO and co-founder for ad tech firm GetIntent. But domain spoofing isn’t just about fake news. It is one of the major underlying problems of programmatic, according to people interviewed for this article.
“I see lots of inventory from our 55 supply-side platform partners that has mismatched domain information and page information,” said Levin. “SSPs should have an algorithm to detect this problem, but many flow it to demand-side platforms. SSPs and DSPs can keep their eyes closed and feel comfortable because clients don’t know this anyways.”
Brands typically don’t receive log-level data from their agencies, so they don’t know what they are buying, said Mike Driscoll, CEO for analytics firm Metamarkets. For an advertiser, it boils down to how closely it works with ad partners who are connected with the end publisher, said Exponential’s Abell.
Publishers put their inventory up on an ad exchange, letting hundreds of parties bid for that impression. If an SSP wins the impression, it usually doesn’t serve ads directly by itself — it optimizes yield by letting hundreds of ad networks, other SSPs and DSPs bid on this impression. Then an ad network could put together a site list and includes all sites through that SSP, and then passes it off as its own site list, saying that it represents those sites. This ad network might resell the impression to another ad network and on and on until someone finally serves an advertiser into the impression, he explained.
“If any of those parties along the way misrepresent their inventory, domain spoofing could happen,” noted Abell. “The more hops there are, the more risk that one of the partners along the way is doing something unsavory. This also means their tag is nested in several iframe layers deep.”
Blacklists and whitelists — used by advertisers to block undesirable sites — wouldn’t help because those approaches can hardly verify an impression. Since a bid request has to go through many hoops (a tag within a tag within a tag), it is difficult for even verification vendors to catch fake domains, he said.
Stuart MacDougall, chief technology officer for performance marketing firm SourceKnowledge, thinks that fake domains are more of human negligence than an engineering problem.“Sometimes people just don’t check,” he said. “Brands outsource programmatic to agencies. Agencies are going through trading desks and buying a bunch of ad traffic without looking carefully because the supply chain is just too long.”
If people cared, the industry would have done a lot to improve ad fraud and fake news. But buying cheap media at scale is still what everyone is looking for today.
‘I felt like I was pushed into being a stay-at-home mom’: Confessions of a former ad exec on being fired after becoming a mother
In this edition of our Confessions series, where we exchange anonymity for candor, we hear from a former agency director about getting fired and struggling to find a job amidst navigating motherhood and launching a new project.
To get the attention of millennials and Gen Z, Ace Hardware is turning to influencers
Ace Hardware is adding a paid and organic influencer strategy to its marketing mix to allow the brand to make content that “doesn’t feel like an ad."
‘The world of either is behind us’: Marketers predict the future of events will be a hybrid of online, in-person
Hybrid events, combining in-person programming with an online experience, are likely to become the norm as the vaccine rollout and general return to life continues.
SponsoredVideo: How employer rewards and incentives changed in 2020
The nature of employer rewards programs has transformed, accelerated by the events of 2020 — a year of sweeping change. Employees shifted to digital, their preferences moved to digital wallets and they asked for new and surprising ways to use the rewards their employers delivered. In these new interviews, employer rewards experts talk about the evolving […]
Member ExclusiveMarketing Briefing: With Cannes Lions once again virtual, the ‘networking and dealmaking is likely the biggest casualty’
The promise of another virtual event when many execs are Zoomed out and feel like it’s impossible to unplug from daily work for a virtual event has some questioning what attendance or networking will be like.
Cheat Sheet: Pinterest’s new rules hold creators accountable for posting brand-safe content
Pinterest's "Creator Code" mandatory content policy guidelines will keep its content creators in check, ensuring Story Pins adhere to the tone and brand-safe messaging Pinterest wants to market.