Since the introduction of Ads.txt, one of the industry’s key weapon against AdFraud, fraudsters have invented ways to exploit and subvert it, targeting the vulnerabilities of the tool.
In theory, ads.txt files help advertisers avoid illegitimate sellers who arbitrage inventory and spoof domains. The reality is the files are also fertile ground for fraudsters because policing them has been an ongoing battle for both pubs and buyers.
Looks like pubs list AdTech vendors and resellers even when they no longer work with them as they help drive up the price of their inventory, while buyers don’t really check the lists with bots that generate fake browser data.
The latest example of this type of fraud is called the 404bot. The 404bot is essentially domain spoofing, which is when fraudsters impersonate a pub’s webpage.
With the 404bot, there is no inventory, and it shows ads to bots, not humans. But, since the partner was listed by the pub, buyers had no easy way to determine that the domain was spoofed.
FYI: DSPs can track fake URLs in their inventory, in addition to buying only from ads.txt-compliant paths to supply.
For 2 years, the 404bot worked unchecked, exploiting a flaw that cost advertisers $15 M in wasted video ads.
Turns out, ads.txt is not reducing fraud at all.
Other sources: see in the LinkedIn comments.