Ad Quality Climbs the Ladder as Syncs Deal With Xandr

The question long asked at AdMonsters events: why does the ad quality burden fall solely on publishers? Fortunately, that weight is finally being shared by others in the supply chain.

Slowly but surely, exchanges and SSPs are starting to take responsibility when it comes to supporting ad quality in the ecosystem. The latest example comes from AT&T’s ad-tech arm Xandr, which just announced the deployment of’s technology across its marketplace

I caught up with Founder and CEO Matt Gillis to find out what turned Xandr on to; how the company differentiates its offering through “behavioral analysis”; and when the DSPs will finally do their part to ensure better ads flow through the pipes.

GAVIN DUNAWAY: What do you think attracted Xandr to

MATT GILLIS: We believe the quality of our product and our service ultimately won us the partnership.  It was a rigorous selection process that evaluated many dimensions including:

  • effectiveness at identifying and stopping malicious ads without introducing costly false positives into the results set;
  • the granularity of our forensics for internal and external stakeholders;
  • other performance characteristics of our product (i.e. latency, UI / workflow, etc.); and,
  • the timeliness and caliber of support clients receive from us.

GD: Can you give us an idea how’s “behavioral analysis” in finding malvertising works compared to other common techniques like sandboxing?

MG: Great question! We focus on the actual behaviors an ad (or any arbitrary 3rd-party JavaScript) so that we understand if it intends to load or execute a malicious payload—even if it’s a novel threat we’ve never seen before.

This deterministic approach is very different than those that attempt to predict whether an ad is malicious based on features of that ad (i.e. a fingerprint of its JavaScript, attributes about the destination URL, etc.).  This can generate costly false positives, especially as bad actors increasingly rotate fingerprints to confuse models.

The same goes for approaches that rely on having to catch a bad ad first and then load it onto a big blacklist of bad URLs, creative IDs, or JS fingerprints, which the bad actors rotate increasingly frequently anyway meaning these approaches are becoming less effective over time.

It’s also more effective than using a sandbox at the time of creative registration. Bad actors are generally sophisticated enough to not include their malicious payload in the submitted ad, instead using multi-stage loaders to call out and fetch it once they’ve detected they’re not in a sandbox.

Behavioral analysis has proven more effective than relying on a sandbox to build a blacklist or train a model as bad actors are quite adept at not getting caught in a sandbox or by users manually trying to catch bad ads using some MITM or proxied device.

GD: Do you think DSPs are interested in malvertising prevention? What do you think it will take to drive the cause that far up the chain?

MG: Of course they are!  If a DSP loses access to key supply and reach, it’s lost a huge portion of its unique selling proposition. Not all exchanges have the resolution to surgically remove malicious ads at the creative level like Xandr now does in a scalable, automatic way, and so DSPs are at-risk of having specific seats or total access to the exchange partner shut off if they are a repeat offender. now has a product for DSPs that is exceptionally easy to integrate and enables them to deliver clean demand to mitigate the risk of losing access to key supply. Stay tuned for more from us with DSPs…