Anti-fraud tool Ads.txt looks vulnerable in botnet scam revelation

DoubleVerify identified an Ads.txt exploit that could have cost advertisers millions.

Robin Kurzer on February 8, 2019 at 1:20 pm

Third-party measurement and authentication company DoubleVerify announced Thursday that it identified an exploit in Ads.txt, giving way to concern over the effectiveness of the industry-accepted fraud-fighting tool for programmatic ad buying and selling.

DoubleVerify estimated that had the exploit not been detected, the scammers could have diverted between $70 million and $80 million of advertisers’ spending a year.

Ads.txt, which stands for Authorized Digital Sellers, is a text file that publishers place in their site code, identifying authorized ad sellers to ad buyers. The protocol was introduced by the Interactive Ad Bureau (IAB) Tech Lab in 2017.


Publishers: be vigilant

Though DoubleVerify first identified the scam in late 2018, the news on Thursday rang a warning bell for publishers to be more vigilant in who they partner with, and who they approve to sell ads on their site.

Chris Hallenbeck, director of marketplace quality for ad exchange OpenX, says that the news is “an important reminder that we all — publishers, buyers and technology companies —  have a shared responsibility to stomp this bad acting out.”

“Key to mitigating the effects of any new type of fraud, including this one, is cleaning up the industry at large and pushing out companies who refuse to make the requisite investments in quality measures,” Hallenbeck said. READ MORE