Most-Spoofed Domains, Not Enough Humans on Earth

Sometimes I like to take a stroll through large data sets, like I did yesterday, looking at potential impressions by domain and app -- data that media buyers use for planning. And sometimes I find interesting things. What follows are a few things advertisers should be aware of, and ask their media agencies, especially if they are entrusted to spend large sums of media dollars for you.

Top Most Spoofed Domains

The following table lists the largest domains by potential impressions. This is data for the last 30 days (e.g. monthly). The "potential impressions" column means ad opportunities (equivalent to bid requests). It doesn't mean ads served, because buyers still have to bid on these opportunities, win the bid, and then get the right to serve the ad. I would also not read too much into the exact quantities; just think of these numbers for ballparking purposes. Relative quantities, though, can be used -- for example yahoo.com has more volume than foxnews.com.

The second column shows the quantity of potential impressions that are ads.txt authorized. And note how closely these quantities match potential impressions. The third column shows the percent difference -- usually no more than 1%. This is great news because Google is reporting potential impressions as the ones that are "authorized" - from domains that have ads.txt, and hopefully ads.txt entries that have been matched to sellers.json entries from the ad systems. For now, we will assume it is. Note however, the column of "unknown and unpermissioned inventory source." Note the first few rows shows 609 billion, 101 billion, 356 billion (monthly). These are the bid requests that are spoofing yahoo.com, dailymail.co.uk, and mail.yahoo.com, respectively. Note the ratio in the rightmost column -- that means there is 42X more fake inventory for yahoo.com than there is real.

Everyone IN the industry will be quick to tell you "we never touch that stuff" and that doesn't happen on our exchanges. But, even if not at those quantities, we are still seeing domain spoofing working well for fraudsters and for sites like breitbart[.]com and thegatewaypundit[.]com which continue making ad revenue, despite their domains being blocked for years. See: Dark-Pooling At Scale Using IAB's ads.txt Protocol

Further data from deepsee.io (chart below) shows that only 60% of sellerIDs in ads.txt files could even be found in sellers.json files from ad exchanges. And of those 18 - 45% could not be matched - this means direct was incorrectly marked as reseller (18% error), or reseller was incorrectly marked as "direct" (45% error). Overall, only about 45% of sellerIDs could be found and matched correctly to sellers.json data. Do you know of any ad exchanges that are blocking the 55% of the volume that doesn't match? If the exchanges are not doing this matching, then you are exposed to the "unauthorized and unpermissioned" inventory stated above. You are buying faked yahoo.com, msn.com, etc.

The best way to avoid domain spoofing fraud is to buy direct from the publisher. The next best way is to ask your programmatic sources to show you proof that they checked ads.txt files, matched the sellerIDs to sellers.json files, AND show you proof that they reconciled each domain and the sellerID that got paid. (Fake sites or breitbart[.]com put someone else's domain in the bid request (domain spoofing) but put their own sellerID in the bid request so they can make money.) If your media agency or the exchanges they buy through don't show you this detailed proof, why not? And while you are at it, ask your agency for CPM breakdowns by domain (what CPM price they paid for each domain your ads appeared on).

Across All Inventory Sources

The following is for gut check purposes... when I summed up the columns we see 40 trillion potential impressions per month. This matches closely the nearly half a quadrillion number I quoted before (12 months x 40 trillion /mo = 480 trillion /year). How many humans are there on earth, that are not babies and old people, and who have electronic devices and internet connections?

Top Apps By Monthly Volume

The following are mobile apps. We've all known, and have seen endless documentation of the scale of ad fraud in mobile, especially apps. Here's a glimpse of just how much. The first image below shows what stacked ads look like. When you see 8 x "ads.mopub.com" next to each other on the same row, it means 8 iframes were stacked/nested on top of each other; when there is 4, that means 4 stacked ads. etc. Note some of the top apps by volume, listed in the table below. Do you recognize any of them? I highlighted some that humans would recognize, like AccuWeather, Subway Surfers, ESPN, etc. for quantity comparison purposes. For example "imo free video calls" (79 billion) has 150X more volume than ESPN (0.5 billion) per month. Hmmm.

See: Mobile Fraud is Rampant Beyond Belief (2018)

Some of these quantities above are clearly absurd. Some are domains and apps that humans have never heard of let alone use in large quantities. But yet there are truly enormous numbers of ad impressions you could buy from them. If your priority is showing ads to humans, you should not take my word for it; but you should look more closely at this yourself and get more data from your media agencies and the exchanges they buy from. But if your priority is to buy as many ad impressions as possible for as low cost (CPM prices) as possible, keep calm and carry on. I get it, you have to spend all your budget; otherwise you won't get as much next year. But consider what your CFO or CEO would say if they found out this was the case. You may not get any budget next year, and you may not have a job either. Consider yourself warned.

See: Video Giant Joyy Dives After Muddy Waters Labels It a Fraud "Joyy’s livestreaming service YY is “guilty of bot forming, creating fake transactions and having fake users.”

Can you figure out from the following chart how much time humans have to surf the internet, use mobile devices and social media, and stream videos?