Originally published on AdExchanger on June 17th, 2014
The challenge of combatting online ad fraud has received intense publicity in recent months.
The digital advertising industry, in conjunction with the IAB, has several initiatives and committees dedicated to fighting ad fraud from within. Yet as numerous articles have made clear, industry participants are not winning the battle against ad fraud alone. It is an industrywide problem that plagues advertisers, ad networks, exchanges and online publishers.
While some ad tech companies have misaligned incentives and don’t want to take the financial hit of battling the ad fraudsters head-on, there are others for which, despite good intentions to clean up their networks, it simply doesn’t make sense for them to fight ad fraud alone. It’s too risky, costly and ineffective. It’s like fighting a forest fire by lobbing water balloons.
If you want to see where fraud is headed, look no further than email spam as a comparison. Email spam is still with us, but we have in many ways learned to tame it. We can also learn to control ad fraud if the industry begins with simple steps, such as sharing the data they have gathered about fraudulent traffic.
Most ad tech companies have polices against buying, selling or otherwise doing business with publishers and domains suspected of engaging in fraudulent advertising activity, which is defined as artificially garnering page impressions for the purpose of generating higher revenues.
A common practice involves maintaining a blacklist of sites that block transactions before they reach the marketplace. Industry players have expressed interest in sharing these blacklists as a path toward cleaning up the ecosystem, without giving any one firm an unfair competitive advantage.
I believe that we can take a cue from the email marketing industry and see how email providers and ISPs have used shared data to prevent phishing, viral content and other forms of malicious email from infecting the inboxes of consumers.
Stopping Ad Fraud, Stopping Spam
Dozens of companies and groups maintain domain and IP address blacklists, flagging either domains known to send spam or the IP addresses of the mail servers of origin. ISPs and third-party email management services subscribe to these blacklists – technically termed Real-Time Blackhole Lists (RBLs) – and either tag as spam or outright reject email from reaching the end user.
Various processes are in place to ensure that good senders are not lumped in with the bad. These range from strict standards by the blacklisting firms to include only known positives, to the use of domain keys to certify the outgoing domain. Nevertheless, most reputable senders have found themselves on an RBL at one time or another, necessitating the use of remediation processes by the company’s system administrators or development operations teams. Correspondingly, trusted RBLs all have some form of remediation process in place to remove false positives from their lists.
From a consumer and marketing standpoint, the implementation of these blacklists has been highly successful. Nearly all mail services and clients now have a default spam folder which fills up with these flagged messages, providing them with greater trust in the email that lands directly in their inbox, relieving them from sorting through the junk themselves or building filters that match all the variant spellings of Viagra through which the spammers attempt to slip. Similarly, legitimate email senders, especially marketers, know that their messages now stand a greater chance of being viewed without the surrounding pollution of email spam.
Creating such an ecosystem in which SSPs, exchanges and DSPs access remote domain and IP address blacklists seems well within reach. Participating companies, including nonprofits and third-party vendors, would make these blacklists available via API. Guidelines would be set by the IAB or an industry nonprofit such that only lists meeting a certain standard could be trusted. Such guidelines would include:
- The specifications for a review and remediation process for domain and IP address owners.
- Criteria for ensuring that blacklist entries are well-vetted and not chosen arbitrarily or capriciously.
- Restrictions on the free publication of complete lists of domains and IP addresses.
Blacklist pooling offers legitimate players in online advertising the opportunity to join together to promote high-quality traffic, reward good publishers and shame bad actors, while simultaneously diluting the cost of lost revenue opportunities. Greater trust and goodwill will be afforded to the industry as a whole, resulting in higher advertising revenue and creating new premium opportunities for programmatic campaigns.
Raising the cost to the point at which there is little or no financial incentive is probably the single most critical factor in eliminating fraud. Pooled blacklists ensure that domains bought and built for the express purpose of ad fraud are removed from the system, increasing both the costs and risks associated with creating such sites.