The digital advertising industry is booming. eMarketer expects the worldwide spending for digital ads to reach $389 billion and account for 56.1% of total media ad spending in 2021. But with that increase comes a problem: ad fraud. Over the past decade, it has been one of the most discussed topics among advertisers and publishers.
One of the big names in ad fraud was Methbot that made the headlines for embezzling $3 to $5 million per day from advertisers in early 2016. And it was up to the publishers to put an end to spoofers once and for all.
“Methbot, the most profitable ad fraud operation to date, has spoofed 250,267 distinct URLs to falsely represent inventory.”
In order to curb ad fraud, the Interactive Advertising Bureau (IAB) Tech Lab introduced ads.txt in May 2017. However, the adoption of ads.txt picked up when Liane Nadeau, VP and Director of Programmatic at DigitasLBi wrote an open letter to all the publishers giving an ultimatum that if the publishers did not start using ads.txt, they might lose some advertisers.
With no further ado, let’s understand ads.txt in detail.
Table of Content
- What is Ads.txt?
- How does Ads.txt work?
- How to create Ads.txt?
- How to implement Ads.txt?
- Is it Mandatory?
- How to validate Ads.txt?
- The adoption rate of Ads.txt
- Difference between Ads.txt and Ads.cert
- What’s next?
What is Ads.txt?
Ads.txt is a publicly available text file where a publisher lists partners authorized to sell and resell its ad inventories on a website. This allows the advertisers to check the validity of the ad inventories they purchase. In the open letter, Liane Nadeau has explained ad fraud and ads.txt with a metaphor.
“It’s a tricky concept. Let’s try a metaphor. It’s a lot like counterfeit bags. You don’t want anyone selling fake versions of your premium bag on Canal Street, as it cheapens your brand and you lose a potential sale. We as buyers don’t want to be duped into buying a fake bag because it’s of poorer quality. So, if you publish a list of retailers that are authorized to sell your bag, we can check it out to make sure we buy one that’s legit. Everybody wins.”
It is designed to eliminate domain spoofing where the fraudsters convince an advertiser to run ads on their websites by presenting themselves as the owner of a premium website. But in reality, the ad gets served on a low-quality website with fake traffic. Thanks to the ads.txt file, publishers can now prove themselves as legitimate partners.
How does ads.txt work?
When a publisher uploads the ads.txt file to the domain, advertisers/brands use Ads.txt crawler, a python script, to crawl the list of domains and see which publishers have an ads.txt file. Once they have the domains with ads.txt, they can reference this list to match IDs (Seller Account IDs) in the bid requests.
If the ID doesn’t match, it implies that the inventory is not coming from an authorized domain. As a result, they stop bidding on the particular domain’s inventories.
How to create Ads.txt?
There’s a syntax recommended by the IAB to list the partners and you have to create your ads.txt file by putting every partner into the syntax. In the end, you’ll get a list of partners represented in a prescribed way. Here’s how to create an ads.txt file.
*Ads.txt can be seen by anyone. You can check by typing the root domain name followed by “/ads.txt”. For example, here’s an example of BuzzFeed’s ads.txt file (can be checked at www.buzzfeed.com/ads.txt).
How to implement ads.txt?
All you have to do is drop the text file on your web servers with the lists of the ad-tech partners (SSPs, Ad Exchanges, etc.) that are authorized to sell your ad inventories. Similarly, ad-tech platforms should support ads.txt files to confirm which publishers’ inventories they are authorized to sell. This allows buyers to check the validity of the inventory they purchase.
Is Ads.txt Mandatory?
As per google, Ads.txt is not mandatory. But it is highly recommended to have one. Having ads.txt can help protect your brand from forged inventories that are intentionally mislabeled as originating from a specific domain, app, or video. Declaring as an authorized seller can help you receive advertisers’ spend without going towards forged inventory.
How to Validate Ads.txt?
At Automatad, we launched a tool to let you validate your ads.txt file. You can simply enter your domain or upload the ads.txt file you’ve created to validate. Here’s how to run the validator.
The adoption rate of Ads.txt
In just a short period of time, ads.txt has become the undisputed standard for digital publishers around the globe. According to Kevel (formerly known as AdZerk), over 93% of US publishers have adopted ads.txt.
But have you ever wondered what does the ads.txt file of publishers tells about the supply chain in programmatic advertising? This article will provide you insights into Alexa’s top 2000 websites in the US and inferences that could improve the advertising on the open internet.
Difference between Ads.txt and Ads.cert
Ads.txt is a good thing and in theory, the way that ad exchanges and SSPs selling ad inventory should be working. Yet it hasn’t been a completely effective solution for the industry. Fraudsters and shady third parties could still trick the advertisers by manipulating the ads and content on the publisher’s websites. For instance, a fraudster can copy the seller’s ID from a legit publishing website, and use the same ID on a spoofed website.
This is where ads.cert comes in. So, what is it, and how is it different from ads.txt? Ads.cert is an upgraded version of ads.txt that allows advertisers and ad tech companies to verify supply paths at each stage and ensure the inventory details aren’t manipulated/modified.
It signs the bid requests cryptographically and validates the data such as publisher’s domain, user’s device, user’s IP address, ad impression type, and more. Since the bid requests are cryptographically signed, advertisers use a ‘public key’ to confirm if the ad inventory is legit or not.
Here’s how ads.cert work:
- A publisher generates two keys – Public and Private. A Public key is secured but accessible by the partners that validate the bid request against the signatures. On the other hand, a Private key is secured and accessible for the partners that generate and sign the bid requests (e.g. SSPs)*.
- The SSPs attach an encrypted signature to the bid request and send it to the DSPs along with other details such as available ad impressions, publisher’s niche, domain, preferred language, etc.
- When the DSPs receive the bid request, they generate another signature for the same bid request. Now, the DSPs compare their signature with the signature sent by the SSPs to check whether the bid request is legit or not.
If there is any alteration in the signed elements, the DSPs can identify it and reject the bid response.
Now the question is why ads.cert hasn’t been widely adopted despite the fact that it was rolled out in 2018 and offers greater transparency. It is because ads.cert depends on OpenRTB 3.0 framework and the industry is still at OpenRTB 2.5. So, will ads.cert replace ads.txt? For now, we can say no. In fact, ads.cert and ads.txt complement each other.
“Together, these technologies are a powerful combination in fighting fraud to allow buyers to check for authenticity and authorization of the sales channel.”
– IAB (Src)
Ads.txt aims to help publishers combat fraud by regulating the way publishers and resellers advertise and sell their inventory. It’s become clear in recent months that the initiative has gained traction across the industry.
However, there is no ‘set-it-and-forget-it’ solution in the programmatic ecosystem. Publishers have to update the ads.txt file every time a new seller has been allowed to sell their inventory. In addition, publishers have to remove the outdated resellers or sellers to prevent any loss of revenue. For this reason, at Automatad, we always ensure that our publishing partners keep their ads.txt files updated. Finally, in case of any questions on ads.txt, be sure to contact us.