Publishers are getting noisier about the level of domain spoofing occurring against their inventory, with News UK the latest to talk openly about the results of its first programmatic blackout test. But few, if any, feel empowered to publicly name any supply-side platform that lets in large volumes of fraudulent inventory to their platforms — and for good reason.

For starters, lawsuits are messy, expensive and drawn out. Proving foul play when it comes to fraudulent inventory is extremely difficult, and publishers are wary of the legal ramifications. In some cases, confidentiality clauses in their contracts can bind them. Even vendors sometimes claim confidentiality clauses prevent them from sharing fraud insights with publishers, all contributing to the ring of silence. In some instances, the simple opacity of the programmatic supply chain renders it difficult to pinpoint who is responsible.

If publishers don’t have sufficient evidence of an SSP acting badly, they could be sued for defamation. “It’s unproven whether attempting to buy your own inventory would stand up in court as evidence of fraudulent behavior or malpractice on behalf of the SSP and whether the use of ads.txt and the public naming and shaming would bring a legal response,” said one publishing executive, who spoke on condition of anonymity.

The publisher would also have to prove the SSP breached a duty of care by allowing the fraudulent inventory to appear, which is difficult when it’s often third-party suppliers pumping fraudulent inventory into the exchanges and SSPs. Plus, some SSPs are working to address the situation. Ad tech firm Adform identified a large-scale domain-spoofing scam last November and alerted all the ad exchanges affected. Other exchanges have promised they’re more regularly checking that the inventory coming into their platforms is clean after onboarding new publishers or publisher networks.

Still, months after the Financial Times went public with its own domain-spoofing investigation, millions of bids are still being made on inventory purporting to be premium publisher brands, with News UK estimating that marketers are throwing away £700,000 ($950,000) a month on fraudulent inventory on its own news brands. “I’m gobsmacked that not every single SSP has tightened up on this since the FT released its findings,” said Dan Wilson, CEO of startup London Media Exchange and ad tech exec. “Publishers should be kicking and screaming and demanding compensation.”

Aside from fear of backfiring lawsuits, publishers may be bound by confidentiality agreements with their vendors. “The confidentiality clauses in SSP contracts are usually quite broad and could conceivably cover not bringing the SSP into disrepute by releasing data linked to their name,” Wilson said.

Hiding behind contract terms seems to be a useful tool. At times when publishers have requested fraud intelligence from their SSP partners, the SSPs have declined to do so, citing their own contractual obligations with vendors, according to sources. “My immediate question [when told by an SSP it can’t supply fraud insights] is, which contracts? The ones with the perpetrators? It undermines the publisher’s understanding of the issue,” said another publishing executive who asked to remain anonymous. “Without understanding, it’s difficult [for us] to act.”

An additional gnarly point: Publishers may estimate how much money marketers are wasting on fraudulent inventory, but proving that money would otherwise have gone directly to the publisher is also difficult to argue in court, according to sources. And each SSP would require a separate lawsuit — a legal and financial nightmare. “It’s far from an easy, slam-dunk case,” said another publisher executive speaking on condition of anonymity.

For buyers, it’s a different scenario. Last summer, Google issued refunds to advertisers who inadvertently bought fake traffic. Other DSPs have followed suit, also offering to compensate buyers should there be a major breach. It’s a positive step — albeit with some less positive knock-on effects such as the DSP passing liability for issuing refunds for fraud back to the exchange, then the SSP, and it somehow ending up at the publisher’s door.

“This overlooks the source of [much of] the fraud issue, which is SSPs reselling and buying network traffic,” said another publishing executive. “It creates a disconnect between liability and responsibility. Onus should be on SSPs to adapt behavior to guarantee legitimate inventory — not to try and pass liablity.”

Others don’t believe contractual agreements should be binding when it comes to an issue as great as fraud. “The reticence of publishers to name and shame those ad tech platforms involved in fraud which are damaging their business is a typical case of Stockholm syndrome,” said Alessandro De Zanche, independent consultant and former News UK executive. “I highly doubt that in the case of fraud, any [contractual] clause would stand. It is more a case of publishers being passive and not being self-confident about their role and their value.

“Hopefully soon we will see end-to-end investigations with sore outcomes for the culprits, although we should differentiate from those platforms which discover fraud and react immediately and those which are not only caught with their hands in the cookie jar, but are also apparently refusing to disclose the details. It’s a duty for all of us to fight and wipe off certain players from the ecosystem.”

Of course, publishers stay quiet for other reasons. Some genuinely view their partnerships as relationships they want to maintain and prefer to put pressure on vendors privately rather than name them publicly. “It’s bad business [to name names], and the industry is small and they may mention someone that’s trying to improve,” said a senior executive for a major digital publisher.

The Association of Online Publishers is working with members to explore whether publishers can seek compensation in the future for severe levels of domain spoofing on their brands. “We’re seeking to renegotiate parts of the terms of agreement, to ensure a process exists to enable compensation where appropriate and warranted,” said Richard Reeves, managing director of the AOP.

But not everyone believes compensation is the answer. “We can’t fully blame SSPs for domain spoofing, as it is an exploitative hack of an emerging space in real-time bidding, said Amir Malik, digital marketing lead at Accenture. “Fraudsters look to commit these sorts of crimes in all digital industries.” However, he too believes that vendors can’t shirk responsibility. “More effective governance and fraud technology prevention needs to be developed,” he said, “and the SSP cut from those sold impressions should at the very least fund such initiatives.”

  • LinkedIn Icon