Although the ads.txt initiative seems to be off to a good start, there’s still room for improvement.
Ads.txt was created to address authorization issues within the digital advertising ecosystem. In theory, before making a purchase, distributors and buyers may reference a publisher’s ads.txt file to make sure they’re buying authorized, legitimate inventory.
But of course, fraudsters are finding ways to work around the ads.txt system. Illegitimate publishers can easily copy ads.txt files from reputable sites and pass them off as their own. Unsuspecting buyers might not verify the information in the ads.txt file for accuracy and go ahead with purchases, only to find out they wasted their money on phony inventory.
Even worse, ads.txt files don’t have to specify what types of inventory vendors can sell. Fraudsters can repackage inventory without prior authorization, going as far as falsifying domain names, IP addresses, and media types.
To combat this shady practice, in September 2017, the IAB Tech Lab released a draft of OpenRTB 3.0, the latest update to the OpenRTB protocol which sets the industry standards for real-time automated bidding. Version 3.0 introduces an upgrade to ads.txt named “ads.cert.”
Ads.cert in Action
Acting as a complement to ads.txt, the ads.cert process is designed to authenticate inventory as it moves through the digital supply chain during real-time bidding.
Neal Richter, co-chair of the OpenRTB working group, uses the analogy of buying a Rolex to illustrate the need for both ads.txt and ads.cert: you need to confirm you’re dealing with an authorized reseller, then make sure you’re buying a certified Rolex watch instead of a cheap knock-off.
In theory, publishers and exchanges can mark inventory with digital signatures, recording notable data points like domain, publisher ID, and bid request timestamps. The signatures act as traceable paths and can’t be altered by anyone other than the original “signer.” Buyers can then reference a publicly accessible key to confirm that the inventory they’re buying is indeed coming from a valid, verified source.
Because the ads.cert process is only compatible with the newly drafted OpenRTB 3.0 protocol, not many industry players have adopted the tool. But as more shift from Version 2.5 to 3.0, expect to see ads.cert grow in popularity.
Richard Kahn
