Skip to main content

The Globe and Mail

Domain spoofing: The advertising industry fights back

Domain spoofing has been a problem for years, but conversations about the problem were given renewed vigour with the ‘Methbot‘ scheme revealed early this year.

ipopba/Getty Images/iStockphoto

The scam involves 34,000 domain names, luring advertisers to spend as much as hundreds of thousands of dollars a day on what looks like quality ad space – but is actually on fake sites with sizable traffic from bots instead of human visitors.

The operation, dubbed "Hyphbot," was uncovered this week by Denmark-based advertising-technology firm Adform and has provided renewed urgency to those in the advertising industry trying to fight such tactics.

"It's really important to leverage these stories as opportunities to renew interest in securing the supply chain," said Sonia Carreno, president of the Interactive Advertising Bureau (IAB) in Canada.

Story continues below advertisement

For the IAB, that means another occasion to push the industry to adopt Ads.txt, a simple way for publishers to communicate to marketers just which ad exchanges carry legitimate inventory from them. The text code, which can be embedded on a website only by the site's owner, was created by the IAB's Tech Lab to allow both automated ad exchanges and buyers that use them to verify that an ad space for sale is legitimate.

One point of the program is to combat "domain spoofing," a common fraud tactic in which fake ad space is put up for sale but made to look as though it's coming from a legitimate website.

Domain spoofing has been a problem for years, but conversations about the problem were given renewed vigour with the "Methbot" scheme revealed early this year. WhiteOps, a firm that conducts fraud detection, called it "the largest and most profitable ad fraud operation … to date." The operation created more than 6,000 websites that appeared to belong to well-known U.S. publishers, gamed programmatic (or automated) exchanges to sell video ads on those fake sites, directed bots to "view" those ads, then collected the money advertisers paid for those clicks. Video ads are a particular target for such schemes because they command a higher price. WhiteOps estimated the scheme drew $3-million (U.S.) to $5-million a day, starting late last year.

The Hyphbot scheme revealed this week has been running since August, according to Adform, and the firm estimates the network of bots it uses is three to four times larger than the one used in Methbot.

"Look at how the ad industry has transitioned. Previously, you had advertisers working directly with publishers. Then, for a while, you had the ad-network model – one trusted third party that was in the middle facilitating that relationship. Now, it's a very crowded space. You have all these third parties in between," said Rick Abell, vice-president of global publisher development for ad technology firm Exponential, which has been advocating for Ads.txt adoption among its clients.

"In many cases, the advertiser and the publisher have grown pretty far apart. … Any lack of transparency creates less clarity in terms of what is happening in that ad chain. Fraudsters are going to thrive in complex, convoluted environments," Mr. Abell added. "We've seen publishers already get requests to put code on their Ads.txt page [authorizing a seller], and they're not familiar with that partner – that's good. You should know who all your partners are in the value chain."

Since it was announced in May, more than 35,000 publishers have adopted Ads.txt worldwide, according to the IAB. While adoption was somewhat slow in the beginning, Google's support has helped encourage growth, Ms. Carreno said. Since September, Google has announced that its programmatic buying platform, which is among the biggest in the industry, would only buy from verified sources, when an Ads.txt file was available, and that its selling platforms would begin filtering out unauthorized sellers, when identified by a publisher's Ads.txt file.

Story continues below advertisement

Spoofing hurts both marketers and publishers. The advertiser wastes money putting ads in front of bots and on low-quality sites, where they wouldn't want to be seen, and the reputable publisher that could have sold them legitimate ads loses out on much-needed revenue.

In September, the Financial Times looked into the issue and found spoofed FT ads for sale on 10 exchanges and spoofed video ads on 15 exchanges – for a total value of roughly £1-million (more than $1.6-million). Fake FT ads were offered by roughly 300 accounts.

"Advertisers can't abdicate their responsibility in the supply chain," Ms. Carreno said. "As procurement [departments] have taken over the decisions on working with [media-buying] agencies, the pressure has been to get high amounts of inventory at low cost. Just because one agency can offer to [buy ad space] at a fraction of the cost of another agency, that's not valid as a decision-making rationale any more. … It's very easy to say, 'I need transparency.' But all of this could have been avoided had there not been this downward pressure on prices – had we not seen digital as this weird dollar-store outlet for media."

Advertisers and their media buyers should be exerting more pressure on exchanges where fraudulent inventory is found for sale, said Jason Kint, CEO of Digital Content Next, an industry association representing publishers including The New York Times and FT.

"The buyer has to stop buying the Rolex watches on the street corner," he said.

Report an error Editorial code of conduct Licensing Options
Tickers mentioned in this story
Unchecking box will stop auto data updates
As of December 20, 2017, we have temporarily removed commenting from our articles as we switch to a new provider. We are behind schedule, but we are still working hard to bring you a new commenting system as soon as possible. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to