DoubleVerify uncovers rampant ads.txt manipulation fueling sophisticated programmatic fraud
DoubleVerify has exposed methods used by fraudsters to bypass and exploit the IAB Tech Lab's ads.txt standard, highlighting vectors such as site scraping, domain spoofing, and programmatic impersonation via AI-generated 'Synthetic Echo' networks. The article details best practices for both publishers and programmatic platforms to tighten ads.txt parameters and maintain ad supply chain integrity.
Key Takeaways
- Fraudsters are using 'Synthetic Echo' networks of 200+ AI-generated sites to mimic trusted domains like NBC and CBS.
- Bad actors clone ads.txt files from reputable publishers, such as CNN and Cracked.com, to gain false legitimacy with SSPs.
- DoubleVerify observed a significant increase in ads.txt manipulation over the last five years, specifically targeting direct and reseller entries.
- Bloated ads.txt files and lax reseller vetting standards are cited as the primary entry points for low-quality non-human traffic.
Why It Matters
The systematic exploitation of ads.txt undermines the primary transparency standard of the programmatic ecosystem, rendering basic verification insufficient. For the streaming industry, where high CPMs on CTV and mobile video attract sophisticated attackers, this means that listed 'Authorized Sellers' no longer guarantee supply chain integrity. Advertisers must shift toward deeper Supply Path Optimization (SPO) and real-time Sellers.json validation to distinguish between legitimate inventory and AI-driven clones. Watch for the IAB Tech Lab to push for broader adoption of the ads.txt 1.1 MANAGERDOMAIN field to help publishers assert exclusive ownership over their seller relationships.
Additional Context
The rise in ads.txt exploitation coincides with a broader surge in sophisticated invalid traffic (SIVT) across the industry. Per DoubleVerify's 2024 Global Insights Report June 2024, new ad fraud schemes and variants increased by 23% globally in 2023, with unprotected advertisers facing violation rates as high as 17%. The report specifically noted that bot fraud variants targeting streaming platforms, including CTV and audio, grew by 269% year-over-year. This growth is largely credited to generative AI, which allows fraudsters to falsify data patterns and mimic human-like interaction more effectively than previous bot generations. In the CTV sector, the risk is further amplified by complex distribution chains. According to Pixalate's August 2024 data, app spoofing—a direct relative of the domain spoofing seen in ads.txt—affected 46% of invalid traffic on Apple TV apps and 45% on Roku. To combat these vulnerabilities, the IAB Tech Lab introduced updates like ads.txt 1.1 in 2022, adding the OWNERDOMAIN and MANAGERDOMAIN fields. Per IAB Tech Lab January 2024, these updates are intended to bridge gaps between ads.txt and sellers.json, specifically to support Supply Path Optimization by helping buyers confirm the directness of a relationship before purchasing inventory. Simultaneously, industry watchdogs are increasing pressure on programmatic intermediaries. According to MediaPost June 2024, the proliferation of 'Made for Advertising' (MFA) sites—which often use the plagiarized ads.txt files identified in the Synthetic Echo scheme—now accounts for roughly 21% of programmatic impressions. In response, groups like the Association of National Advertisers (ANA) have called for more stringent log-level transparency and a reduction in the number of authorized resellers to minimize the attack surface for bad actors who exploit loosely managed seller lists.
Read full article at doubleverify.com