Ads.txt is a fairly system that was developed by the Interactive Advertising Bureau (IAB) to help combat ad fraud. The system is just a txt file that publishers can add to their webserver. The file will list all authorized inventory sellers, so that unauthorized reselling as well as domain spoofing can be combatted. The system itself is quite simple, but as we are now learning, even this anti-fraud effort can fall victim to fraud.
Publishers have reported that other third-party sellers have begun contacting them to be added to their ads.txt files. The vendors claim that they were attempting to generate new business partners, especially those who they were already advertising on through networks.
Thrive+ is one company that was working to get on to different website’s ads.txt files, and it seems they were quite successful for some time. They were on 65 different ads.txt files, including major sites like Salon and Dingit.tv. These sites didn’t realize that they shouldn’t be there, and have since removed the company from their files.
Dan de Sybel is the CTO of programmatic agency infectious media, and said, “They want to pass themselves off as a legitimate source for selling this inventory. Buyers do not need to be added to ads.txt, only sellers.”
Thrive+ claims that they were simply trying to build up relationships with a variety of potential customers. They even said that some of the accusers were defaming their company.
Whether Thrive is guilty of fraudulently getting on these files, or they were just attempting to reach out to sites where they would like to advertise is something to be debated by the various companies (or their lawyers). What is clear, however, is that such a low-tech way of stopping fraud certainly has some potential issues. Anyone with even a little bit of social engineering skill could likely get their site listed on the ads.txt pages of some companies, which opens the doors for significant fraud.