“First thing we do, we kill all the resellers!”
—Ad-Tech William Shakespeare, “The Taming of the SSP”
Ad-tech news junkies were a-buzz last week with a report from DoubleVerify exposing a “new” Ads.txt fraud scheme. My use of quotation marks probably clues you in that the ploy ain’t so novel. (Nothing fazes someone who’s been in ad tech as long as me!)
However, the fraud is interesting because it highlights an issue with exchanges that’s been lurking on the edges of debate, while also raising serious questions about the future of auction-based programmatic.
A Plot Most Complex
DoubleVerify discovered a content-scraping scheme to build lookalike sites of premium publishers, sometimes with new or different ad placements. Domains were then spoofed, but here’s the wrinkle: the fraudsters examined the premium publishers’ Ads.txt files and signed on with the same resellers; some likely spoofed the actual content of the Ads.txt files to sow confusion.
So when the reseller puts out a spoofed domain for auction on an exchange, the reseller ID lines up with the premium publisher’s Ads.txt. The content scraping adds a layer of subterfuge to confuse the middle exchange, DSP, and end buyer, though in reporting the seller ID for the premium publisher would not match the spoofed domain.
This is a complex scheme, one far more complex than Ads.txt was designed to solve. No one, the IAB Tech Lab included, has ever said that Ads.txt was more than a simple solution, and it’s only one step in a proposed plan to combat fraud. Ads.txt files are easily accessible and can be copied—something that has been warned about since the launch.
This fraud doesn’t exhibit a flaw in Ads.txt, but it does show how bad actors can circumvent it. Ads.txt puts a huge dent in domain spoofing, but it unfortunately doesn’t completely solve the problem.
Blame the Resellers!
The fault really falls on the exchanges and the resellers. The resellers should be more vigilant in monitoring the publishers they work with to weed out scam artists (particularly the domain spoofers), and by turn the exchanges should be more vigilant about the resellers they work with.
But the problem in our current auction-based programmatic system is that the intermediaries benefit from most fraud. Call them unwilling or incurious accomplices, but accomplices they are nonetheless.
There needs to be a stronger disincentive for resellers/agencies to work with fraudsters, but there’s barely any reputation management in ad tech, and frankly (all) the middlemen still make money off of fraud.
— Gavin Dunaway (@AdMonsterGavin) February 8, 2019
Yes, the buyers should ensure SellerIDs and domains line up in reporting, and then use that as leverage in reconciliation with exchanges or as a way to punish gross offenders. But a demand-side friend mentioned that buyers have been pleading for enhanced controls within exchanges for years—notably the ability to turn off inventory from resellers.
SSPs should step accepting resellers, period. Google gets great traction because they say, “We own the tech from marketer to publisher” and they’re right! Plus, AdX has 1MM sites – why do marketers need more from resellers through other SSPs?
— Jay Friedman (@jaymfriedman) February 8, 2019
So should we say to hell with the resellers? Trade coverage of the DoubleVerify report featured many voices calling for direct relationships between end buyers and sellers in programmatic, as well as a renewed call for preferred transaction chains (Supply Path Optimization anyone?). Basically, they’re advocating buyers use private marketplaces, private exchanges, and preferred deals.
Jay Friedman is right that Google controls the full stack—who would have thought merging the most popular supply-side ad server with your in-house exchange would be so advantageous? Google’s SSP rivals likely need to leverage resellers to offer the scale to compete. For smaller or midsize publishers with quality traffic but not enough to make a top-tier SSP viable, giving up on resellers is not an option.
And this was one central promise of programmatic, particularly with the auctions—democratizer that enabled upstart publishers with valuable audiences to compete with established sites with established bases. On the other side, willing buyers had a giant tapestry of sites (BUT NOT INFINITE!) to unleash targeted campaigns.
But more than a decade of rampant fraud and abuse makes these notions seem laughably utopian.
Thar’s Gotta Be a Better Way!
There is a better way. I agree buyers should have the ability to shut off resellers within their partner exchanges. Those looking for more scale will choose to wade into the reseller waters.
What will help make those waters bluer and safer is Ads.cert, the authentication salt to Ads.txt’s seller-validation pepper. Ads.cert enables publishers to include an encrypted signature on inventory that buyers can match in real-time to a public key in real time to certify that creative is appearing where desired. Scam artists may find a way to circumvent it, but it will bring high-powered halogens to the dank, programmatic basement.
The hangup is that the rollout of Ads.cert is tied to OpenRTB 3.0, which is a top-down rehaul of the OpenRTB standard. Programmatic players—in particular, DSPs— are going to have to rewrite their tech stacks to comply.
The IAB Tech Lab is offering tools to ease the strain of reconfiguration (which it will describe during its special session at the AdMonsters Publisher Forum in Miami on March 12), but widespread integration is going to take a long while, and there will be notable holdouts. Because let’s be frank—Ads.cert and enhanced transparency within the auction is going to affect the bottom lines of many intermediaries.
Wither the Auction?
Despite its limited nature, Ads.txt is exposing the true price of premium inventory transacted through the auctions… And it’s not the penny-CPMs marketers once enjoyed on the open exchanges. Private marketplaces are not only expensive, they also take a fair deal of manual labor and collaboration to perform well.
For years, programmatic and remnant inventory were conflated, but that was never the intention. Buyers flocked to the exchanges not just for the enhanced control in targeting and better transparency (just about anything is a step up from an ad network), but because inventory was cheap. Arguably, the latter was the biggest driver.
What happens when auction inventory is no longer cheap? Or rather, when the majority of fraudulent inventory is excised from the market, revealing that valid programmatic inventory was never cheap? I think we’ll find out this year, if we aren’t seeing it already. I believe auction spend is going to start flowing into programmatic direct/guaranteed channels. Certainly buyers are already showing their preference for rate-steady preferred deals.
That’s not bad for larger, household-name publishers—especially if they’re smart about channel pricing. But it is bad for smaller publishers that truly leverage their valuable audiences in the open programmatic market. In theory, it’s limiting for advertisers, but as we’ve mentioned above, the fraud in the open market is so flagrant that neither the scale nor the supposed “low price” are worth it anymore.
UPDATE 2/12/19 8:48 am: Jud Spencer of The Trade Desk notes something interesting:
There is a lightly adopted property in OpenRTB 2.5 that could help here, pchain. PChain allows all of the intermediaries in a transaction to be identified. Increasing adoption of pchain (and plugging a couple of holes in it) could allow buyers to make “cleaner” decisions.
— Jud Spencer (@JudSpencer) February 12, 2019
I remember this being announced, but I was more intrigued at the time with the announcement about programmatic native support. PChain could be a good intermediary step in lighting supply chains as we work towards Ads.cert. However, it is based around the TAG Payment ID and requires TAG registration.
Also, I’ve been mulling this column over and realized I ducked out of a conclusion… If buyers move away from the open marketplace and then further toward programmatic direct (mainly with highly visible, well-known publishers), sure, it will be deterrent to fraud. But a lot of honest, smaller publishers will also suffer. Most SSPs and exchanges not named Google likely need resellers and those honest, smaller publishers to buoy their scale.
The DoubleVerify report has really hit it home that Ads.txt is not a cure-all, but next steps aren’t very clear. Of course, the anti-fraud vendors are using this to push their wares on buyers, but it should be noted that a lot of these rely on whitelists and blacklists that lose freshness as they’re being updated, and scanning isn’t 100% effective. We need a better programmatic market, and change must come from the inside.
Publishers need to be vigilant about choosing ethical resellers, but that’s a tough ask. How do you know who is a good guy? Well, you should really talk among your peers and with larger exchanges… and my marketing people would kill me if I didn’t mention that the AdMonsters Publisher Forum is an excellent place to do that. Happens we have one in Miami March 10-13.
And exchanges… It’s time to clean house. Kick the scummy resellers to the curb and actively police a zero-tolerance domain-spoofing policy. Because the programmatic reckoning has already begun, and it’s going to catch up with all of our bad acts sooner rather than later.