Why publishers need to protect their reputations in the age of server-to-server

by John Murphy, VP of marketplace quality, OpenX

Most publishers are well aware of the benefits that can come from implementing header bidding and server-to-server containers. But what they might not know is that these increasingly popular monetization tools have ushered in a new threat to inventory quality.

By flooding DSPs with duplicate bid requests, header bidding has made it harder for buying platforms to identify when bad actors have disguised a low-quality impression as one that belongs to a premium publisher. This behavior, commonly called domain spoofing, has been exacerbated by the growth of server-to-server connections, which prevent exchanges from independently verifying the true URL of an ad request in real time. Meanwhile, shady ad networks are still getting away with re-selling inventory from publishers who have not authorized them to do so.

Though the proliferation of header bidding and rise in adoption of server-to-server containers has led to increased yield for publishers, the growth of domain spoofing and indirect inventory threatens publishers’ businesses. Indeed, these fraudulent tactics don’t just rob publishers of brand spending initially intended for them — they can also devalue what a publisher’s real inventory is worth on the open market. In order to preserve the reputations they have worked so hard to build, publishers must educate themselves on these emerging threats and begin taking proactive steps to neutralize them.

Domain spoofing is more prominent and harder to track than ever before

For those who are unfamiliar, domain spoofing occurs when a fraudulent website or ad network sells a premium impression on a site like nytimes.com, even though the impression will actually be served on a much less desirable site. Since these low-quality impressions generally perform much worse than the premium inventory they imitate, buyers wind up thinking that the premium site has delivered poor results. Over the long run, this can dissuade buyers from purchasing the fraud victim’s inventory, diminishing their CPMs in the process.

In recent months, this tactic has been on the rise due to the growth of server-to-server (S2S) connections. Before S2S, publishers would typically integrate with a network or exchange via a tag, a snippet of Javascript code that can be used to verify important information about where the impression will run and who will see it.

But when S2S connections are used, platforms have to rely on an API for this critical information. As a result, these platforms rely on the information that’s passed down to them by upstream mediators. If any of these upstream sources choose to fudge the impressions’ domain information along the way, there’s no way for the exchange or the buyer to find out before it’s too late. This issue has been compounded by the fact that low-quality exchanges and networks have also started using server-to-server technology to connect with one another, a tactic that makes it look as if they have access to more inventory than they really do.

What makes all this even more frustrating is that header bidding is making it harder for buyers to catch fraudsters in the act. Because it allows multiple exchanges to bid on an impression simultaneously, DSPs are now processing significantly more bid requests than they used to. In some instances, they’re seeing the same impression from dozens of sources – many of which do not have advanced traffic quality technology. This massive redundancy in requests results in greater strain on the human teams tasked with investigating fraudulent activity at DSPs, which allows more phony impressions to slip through the cracks.

It’s time to fight back

With so much at stake, it’s absolutely crucial that publishers take preventive measures to stamp out domain spoofing.

Generally speaking, a publisher’s authorized exchanges should be the first point of attack. Though it may be difficult, publishers must be unafraid to ask partners tough questions about whether they’re doing all they can to guard against domain spoofing and misrepresentation. Specifically, media companies should make sure their partners prohibit resale by DSPs and require networks to provide proof that they’re authorized to sell a publisher’s inventory. They’ll also want to look whether their exchanges have post-impression validation tools to detect domain spoofing and other fraud tactics after the impression is served.

If publishers have relationships with DSPs, these entities can also be of service. By asking how much of their inventory has been made available to a buy-side platform, publishers can quickly discover when there are more impressions on the market than they have authorized their partners to sell.

Last, but not least, publishers should take the time to participate in industry-wide initiatives like IAB’s ads.txt, a proposed standard that would allow publishers to declare which companies are authorized to sell their inventory. After all, when bad actors devalue publisher inventory, they discourage brands from investing in digital and threaten our entire ecosystem. By working together, we can build a better, safer marketplace, one where buyers get what they pay for and publishers have complete control of their inventory.