From A to C: What You Need to Know About Ads.cert

Richard Kahn - April 19, 2018

Although the ads.txt initiative seems to be off to a good start, there’s still room for improvement.  

Ads.txt was created to address authorization issues within the digital advertising ecosystem. In theory, before making a purchase, distributors and buyers may reference a publisher’s ads.txt file to make sure they’re buying authorized, legitimate inventory.

But of course, fraudsters are finding ways to work around the ads.txt system. Illegitimate publishers can easily copy ads.txt files from reputable sites and pass them off as their own. Unsuspecting buyers might not verify the information in the ads.txt file for accuracy and go ahead with purchases, only to find out they wasted their money on phony inventory.

Related Post: 5 Ad Fraud Questions All Media Buyers Need to Ask

Even worse, ads.txt files don’t have to specify what types of inventory vendors can sell. Fraudsters can repackage inventory without prior authorization, going as far as falsifying domain names, IP addresses, and media types.

To combat this shady practice, in September 2017, the IAB Tech Lab released a draft of OpenRTB 3.0, the latest update to the OpenRTB protocol which sets the industry standards for real-time automated bidding. Version 3.0 introduces an upgrade to ads.txt named “ads.cert.”

Ads.cert in Action

Acting as a complement to ads.txt, the ads.cert process is designed to authenticate inventory as it moves through the digital supply chain during real-time bidding.

Neal Richter, co-chair of the OpenRTB working group, uses the analogy of buying a Rolex to illustrate the need for both ads.txt and ads.cert: you need to confirm you’re dealing with an authorized reseller, then make sure you’re buying a certified Rolex watch instead of a cheap knock-off.

Related Post: Why You Need to be Testing Your Demand Side Platforms

In theory, publishers and exchanges can mark inventory with digital signatures, recording notable data points like domain, publisher ID, and bid request timestamps. The signatures act as traceable paths and can’t be altered by anyone other than the original “signer.” Buyers can then reference a publicly accessible key to confirm that the inventory they’re buying is indeed coming from a valid, verified source.

Because the ads.cert process is only compatible with the newly drafted OpenRTB 3.0 protocol, not many industry players have adopted the tool. But as more shift from Version 2.5 to 3.0, expect to see ads.cert grow in popularity.

 

New Call-to-action

Richard Kahn

Rich Kahn is the Co-Founder and CEO of Anura.io, an ad fraud solution that monitors traffic to identify real users versus bots, malware, and human fraud. Anura is the culmination of more than a decade of fraud detection efforts within digital marketing firm eZanga.com, which Rich also co-founded and owns. Previously, Rich held management roles at Verizon Wireless and Bloomberg, before starting his own internet service provider, First Street Corporation. He co-founded Paid for Surf, an advertising software company, and was the COO of the pay per click advertising network AdOrigin. Rich is considered an industry expert, having over 25 years of global experience with internet technology, digital advertising, ad fraud management, and elimination.