The IAB’s Ads.txt initiative is a way to reduce the ability of fraudulent publishers, or other parties in the supply chain, to profit through the technique of domain spoofing. ‘Domain spoofing’ involves the fraudulent party declaring their domain in the RTB request as being that of another site’s domain. Ads.txt currently only covers desktop and mobile web, and is not supported for Mobile App.
How It Works:
- Each publisher puts a .txt file (titled Ads.txt) on their website, demonstrating ownership of the domain (e.g. http://www.nytimes.com/ads.txt)
- Within the Ads.txt file, the publisher declares their authorised publisher IDs when selling their domain on each SSP (their IDs will vary for each SSP).
- Each SSP they declare they sell to are disclosed as a domain themselves (e.g. appnexus.com, or google.com for AdX).
- This means that buyers are able to cross-reference the declared publisher ID in the Ads.txt file (e.g. for 'nytimes.com' buying off 'rubiconproject.com', nytimes will appear as Publisher ID: 12330) with the Publisher ID being passed into the RTB request. If the domain is declared as 'nytimes.com', selling to 'rubiconproject.com', and the PublisherID is not 12330 - this is an unauthorised request.
Beeswax offers the ability to isolate Ads.txt domains both within QPS filtering, as well as Line Item Targeting - and will validate these bid requests against the Ads.txt values on the publisher’s page. If you would like to utilize Ads.txt functionality in your QPS filtering, please contact firstname.lastname@example.org with your request. Beeswax additionally offers a full breakdown of Ads.txt statuses within its logs which can be seen below.
Customers can ‘include’ or ‘exclude’ any of the following Ads.txt statuses below in both Line Item Targeting (under the ‘Inventory’ targeting section) and QPS Filtering.
Ads.txt Status Codes and Definitions:
|0 - No Domain|| Indicates there was no domain value on the RTB request. Without a domain we cannot determine if it is authorized or not.
This status includes site requests that do not have a domain value and all mobile app traffic.
|1 - No Ads.txt file|| Indicates that there was no ads.txt file available for us to crawl on that domain.
Without an ads.txt text file we cannot determine whether the request is authorized or unauthorized.
|2 - Ads.txt file not scanned||Indicates that there may be an ads.txt file on that domain but we had an issue scanning it. This could be because it’s malformed or for some other reason. It could also mean that the domain was seen so rarely that we did not yet scan it.|
|3 - No advertising allowed||Indicates that the publisher explicitly put an empty ads.txt file on their domain. Per the IAB standard this means that no advertising is allowed via RTB. For example, all youtube.com requests will get this code.|
|4 - Not authorized - Missing publisher ID||Indicates a missing publisher_id value on the RTB request. Without a publisher_id value we cannot verify if it is authorized or not.|
|5 - Not authorized||Indicates that the publisher_id in the request does not match the publisher ID in their ads.txt file.|
|6 - Authorized - Reseller||Indicates that the Publisher has authorized another entity to control the account indicated in the SSP/Publisher ID combination to resell their ad space.|
|7 - Authorized - Direct||Indicates that the Publisher directly controls the account indicated for the SSP/Publisher ID combination.|