Policing ads.txt files is an ongoing battle for publishers.
Ads.txt was a tool launched with much fanfare in 2017 to help combat a persistent form of ad fraud: the unauthorized selling of publisher ad inventory and domain spoofing. But last week, a major flaw was highlighted as ads.txt was revealed by DoubleVerify to be the latest target of fraudsters.
Publishers were concerned but unsurprised by the news. But they also called for the buy side to ensure they’re keeping up their end.
“Ads.txt was a welcome initiative to tackle ad fraud, but in reality, it is a sticking plaster to treat the symptoms of a market that is distorted by opacity by design,” said Hamish Nicklin, chief revenue officer at the Guardian. “Without a fundamentally more transparent system ad fraud and bad practice will continue to thrive. This could be solved if buyers and sellers reconciled transactions through a transparent system of programmatic receipting.”
Several publisher sources believe ads.txt has helped to curb the volume of fraud. Since the tool was introduced, a publisher’s power to police who resells its inventory is stronger, for instance. Around the time ads.txt was introduced, one digital media publisher received as many as five daily requests from unknown companies demanding to be added to its ads.txt file. That’s now slowed to one a week. “These were mainly from resellers who were trying to arbitrage our inventory,” said the executive. “We ignore all of them unless we know who they are, which is very rare.”
An increasing number of agencies have declared they now buy ads.txt inventory. Yet publishers are skeptical as to just how many are buying ads.txt-only inventory because doing so would theoretically reduce the scale of buys they could make, according to publisher sources. Last October, Digiday Research showed there was a large gap between the number of publishers that had implemented ads.txt and the agencies that buy only ads.txt inventory in the U.S.
“An audit of who has implemented ads.txt from the publisher side versus how adopted it has been on the buy side would be interesting,” said a publishing executive at a British newspaper. The same executive said that several agencies have admitted recently that they don’t buy this way as it restricts the scale of their buys. “That does bother me as it indicates we have a way to go to ensure both buy and sell side are aligned.”
However, some agencies are bullish on buying ads.txt-only inventory. “We make a conscious decision to only use DSPs that allow us to remove all unauthorized sellers from our programmatic buys to increase our confidence in the supply chains we are using,” said Matt McIyntre, head of programmatic for EMEA at Essence. Simon Harris, head of programmatic activation for Dentsu Aegis, posted an article last week informing agencies and publishers how to get the best out of ads.txt, including how to address the scale issue.
Most seasoned digital marketers and publishers know there is no silver bullet for solving fraud, and yet more is required from both sides for ads.txt to become less of a fraudster haven, according to publisher and agency sources. “They [publishers] should be holding their SSP [supply-side platform] partners, especially resellers, to account for delivering revenue and vetting actors signing up to their exchanges,” added McIyntre.
Most of the work is needed on the buy side, according to Augustine Fou, an anti-fraud researcher. He believes that fraudsters will continue to take advantage of ads.txt as long as the buyers aren’t scrutinizing beyond the domain name given. If a bona fide publisher domain appears in the ads.txt file, they can still be a fraudster because it’s easier to fake a domain name than to fake a seller ID. ”Agencies need to ask the DSP to include sellerIDs in the placement reports,” said Fou. ”The placement reports today only include domains, which means the fake stuff is co-mingled with the real stuff and you can’t tell. Once you have the sellerID you can verify who got paid, and whether those sellerIDs were the right ones, according to the real domain’s ads.txt.”
Publishers also want more assurance that demand-side platforms and agency buyers are vetting the companies that make it into the ads.txt files. “There are a lot of ways to get around ads.txt, and this [scam] does represent one that the publishers can’t really help to avoid,” said an executive at a major news publisher. “We need DSPs to pay attention to the account numbers and the security IDs where provided, and we need the SSPs to be more selective in who they allow as partners.”
Some agencies are now pushing for adoption of ads.cert — the sequel to ads.txt which in theory will make it harder for fraudsters to spoof inventory or resell it without authorization from the publisher. But it will be some time before that’s adopted en masse because it comes as part of the next phase of the real-time bidding framework.
Meanwhile, other efforts to stamp out fraud continue. The trade body the Trustworthy Accountability Group has today (Feb. 12) launched an initiative in which it will alert advertisers and their agencies if their ads are running on pirate sites in Europe. Called Project Brand Integrity, the aim is to protect brands from association with illegal, stolen content. A similar effort has been run in the U.S., and reduced the number of impressions on pirate content sites by more than 90 percent over two years, and eliminated all ads from premium brand advertisers on those sites, according to TAG.
The body has commissioned anti-pirate software vendor WhiteBullet to monitor and document ads on infringing sites. TAG will then share the information with the advertiser or its agency.
City of London Police Intellectual Property Crime Unit and Europol will help raise awareness of the program and support brands and their agencies in their compliance efforts. PIPCU has worked with advertiser and publisher trade bodies for years, to reduce pirate sites raking in profits from ad revenue provided by unwitting advertisers. As a result, more than 1,800 pirate websites have been shut down, according to PIPCU, since it started in 2016.