Issue No.6, March 2021

IAB Tech Lab Releases ads.txt and app-ads.txt Standard for CTV and OTT Inventory



The connected TV (CTV) marketplace is complex, which necessitates a unique approach to fighting fraud, growing ad spend, and ensuring transparency among buyers and sellers. The updated ads.txt standard introduced by the IAB Tech Lab provides buyers the ability to model inventory sharing in CTV and over-the-top (OTT) environments.

Neal Richter, Chief Scientist at SpotX and Chairperson of the IAB Tech Lab Board, explains, “The update to ads.txt for connected TV inventory is critical to ensure that the sector is armed with the tools to fight fraud and grow ad spend. We look forward to providing this standard that buyers have relied on when buying web and mobile digital inventory to connected TV. This update will arm sellers with the ability to model the complex relationships in CTV needed to ensure that a seller and inventory are legitimate.”

The ads.txt and app-ads.txt specification focuses on preventing the sale of counterfeit inventory and was previously available for web and mobile inventory. It provides a flexible and secure method for media owners and distributors to declare the companies they authorize to sell their digital inventory by listing those authorized companies in a text file added to their domain. Buyers can then view a publisher’s ads.txt file to authenticate that inventory is coming from an authorized seller.

The revision includes three core changes to support CTV:

  1. The first is an extension of the meta-tag mechanism to the various CTV platform app stores, as well as publicly exposing links to access each app via a uniquely assigned bundle ID.
  2. The second is the passing of standard bundle IDs in the OpenRTB spec as well as the app store's URL for the ID.
  3. Third is the inclusion of a new “inventorypartnerdomain” directive for CTV publishers to refer to inventory-sharing partners and their authorized ads.txt files.

SpotX is ready and willing to help publishers curate their files and to help CTV platforms upgrade their app stores to support crawling and metadata indexing. We are readying an upgrade to our crawler and OpenRTB support for the spec.

With the fast growth of CTV advertising, it is critical to to develop these standards to ensure ad quality throughout the ecosystem. Bad actors will always follow the money, which means fraud and transparency continue to be at the forefront of CTV and OTT. Major fraud schemes in 2020 (such as ICEBUCKET, StreamScam, or ParrotTerra) could have been drastically reduced in size and impact if app (ads.txt) was widely adopted and media was only bought from entries within those files. This initiative gives control back to the media owner, allowing them to hold the keys to who can and cannot represent their brand programmatically, thus preventing bad actors from stealing and misrepresenting their name.

The ads.txt update is available for industry adoption. SpotX encourages media owners to implement files and buyers to only purchase what’s listed in app-ads.txt files.

What You Need to Know About the StreamScam and ParrotTerra Ad Fraud Operations

In December of last year, Oracle’s Moat uncovered the StreamScam CTV ad fraud scheme. The operation spoofed more than 28.8 million US households, including approximately 3,600 apps and 3,400 CTV device models. All in all it cost advertisers more than $14.5 million. Soon after, DoubleVerify uncovered the largest CTV ad fraud scheme to date, ParrotTerra, which spoofed 3.7 million devices and 2.7 million IP addresses per day.

SpotX has been aware of and accounted for invalid traffic (IVT) in CTV environments from the onset of transacting this inventory programmatically. Our full-time, in-house Inventory Quality team understands this in great detail and works every day to protect media owners from being victimized by bad actors involved in fraud rings, such as StreamScam and ParrotTerra, and to ensure advertisers are only able to purchase high-quality CTV impressions delivered and seen by humans.

Oracle’s MOAT, via The Trustworthy Accountability Group, held an industry briefing on January 12, 2021 around StreamScam. During this briefing, they released a sample of StreamScam fraud signatures in order for companies to run impact reports.

SpotX has already conducted a full analysis of these signatures and can proudly say that none of this inventory was made available within our platform. If you’d like to run your own analysis, please reach out to threatexchange@tagtoday.net for the information on how to do so.

DoubleVerify's Fraud Lab blocked ParrotTerra, and SpotX confirmed that this scheme had no impact on our inventory.

Oracle also discussed some best practices to avoid this type of behavior, which you can learn more about in its recent webinar. SpotX follows all of these principals, plus many more. These are the best practices we recommend you follow to protect yourself from fraud in CTV.

News and Opinions

A lot has happened since we published our last issue. Here’s what our Inventory Quality team has been reading.

Lessons Learned From SPO 1.0: Whether you’re in the midst of your supply path optimization journey or just starting out, these four important lessons from Jounce Media will help guide you through what’s ahead.

New CTV Fraud Scheme Dwarfs Previous Attacks: DoubleVerify’s Fraud Lab blocked ParrotTerra, a recent CTV fraud scheme in which fraudsters generated fake CTV inventory across countless apps, IPs, and devices. DoubleVerify is a long-standing SpotX partner, and we verified this scheme had zero impact across our inventory.

MRC Accredits DoubleVerify For CTV Measurement: DoubleVerify is now accredited by the Media Ratings Council for its display and video ad impression measurement and filtration of invalid CTV traffic. This DoubleVerify and SpotX webinar will also share everything you need to know about measuring performance and quality on CTV.

Integral Ad Science Acquires Amino Payments: Through its acquisition of Amino Payments, a leading provider of programmatic advertising transparency, IAS is investing further in ad verification and transparency for programmatic buying.

The CTV Fraud Arms Race is Escalating: With CTV viewership booming, the fraud rate is also growing. The industry is maturing in its levels of fraud awareness and defense, and there are several steps buyers can follow to take back control.

Sen. Thom Tillis Drafts New Bill to Overhaul Copyright Office and DMCA: Senator Thom Tillis (R-NC) proposed a reform to the existing Digital Millennium Copyright Act (DMCA), involving an overhaul of the Copyright Office and letting federal agencies establish “standard technical measures” for copyright infringement. Content creators, companies, digital media platforms, and others can submit comments until March 5.

Inside the Chaos of Brand Safety Technology (and part 2): How does technology fuel brand safety? The team behind the BRANDED newsletter takes a closer look and shares how buyers can be more careful about brand suitability and contextual settings to avoid limiting audiences.

Take a “Revisit, Reset, and Repeat” Approach to Your Brand Suitability: If we learned anything in 2020, it’s that protecting your brand equity requires more than keyword blocking, says the IAB. The IAB recommends continually Revisiting settings, Reset their controls as needed, and Repeat these steps over time to protect their brand.

It’s Time To Zero In On Demand-Path Optimization: Demand path optimization is quickly becoming a priority for the sell side, just as supply path optimization has for brands. Understanding the buy side will help publishers protect their brand from bad actors.

CTV Is the Next Big Focus Area for Fraud and Brand Safety: CTV is an unmissable opportunity and continues to attract more ad dollars. This increases the focus on brand safety, particularly given the challenges CTV presents in terms of transparency.

Stop Confusing Advertisers with too Many Quality Metrics: This article from MediaCom’s Oliver Gertz may be a few years old, but its message stands the test of time: there is no need to over complicate advertising and brand safety metrics.

Ask an Expert

SpotX works with many dedicated inventory quality experts who really know their stuff. In each issue we pick their brains to get answers on burning questions from the market – if you have a question that you’d like us to address, please email guardians@spotx.tv.

In this issue, Nick Frizzell, VP of Inventory Quality and Planning at SpotX, speaks with Dr. Augustine Fou, the industry’s preeminent expert on digital ad fraud.

Nick Frizzell: Tell us a little bit about yourself, your background, and what you’re focused on these days.

Augustine Fou: I’m a digital marketer of 25 years. I’ve been on the client side, at American Express, and on the agency side, at IPG and Omnicom. Since about 2012, I have been focused on the problem of digital ad fraud, because bot activity has messed up analytics to a point that you cannot reliably make business decisions based on fraudulently inflated ad impressions, clicks, etc. Before we can do real digital marketing, we have to solve for ad fraud and bot activity.

NF: You’re very clear that the core issue to ad fraud is an incentive problem (i.e. everyone in the ecosystem is incentivized to look the other way). If you were to change incentives, how would you do that, particularly for mediums like video that are more branding specific?

AF: Right. Ad fraud is not a tech problem that can be solved by throwing more tech at it — e.g. bot detection tech. Ad fraud is an incentives issue, and all ad tech middlemen make more revenue from volumes inflated by ad fraud. It’s really hard to change ingrained incentives; but it is possible to educate marketers that exceptionally large numbers of ad impressions don’t mean better advertising. In fact, if they acknowledge ad fraud, they will realize that a sizable portion of the ad impressions are shown to bots and not to humans. Once marketers realize this and focus on buying ads from good publishers that do not cheat by buying traffic, they will see smaller numbers of ad impressions but better marketing outcomes.

NF: For video clients, how do you measure success?

AF: All clients, not just video clients, should determine success by measuring incrementality of sales driven by marketing activity — that means sales that would not have happened in the absence of the marketing. Otherwise, if they were doing marketing, and the sales would have happened anyway, how are they sure the marketing caused the sales? Take this example of a CTV campaign from Utah State Tourism that measured incrementality correctly using Arrivalist. Utah Tourism measured arrival rates from four different origin markets (where visitors came from), then they turned on CTV campaigns in those specific markets. They could see a lift in arrival rate when comparing visitors exposed to the ad versus a non-exposed control group. The vast majority (72 - 94%) of those visits included overnight stays, a key metric of economic activity that the tourism bureau reports on. Bots don’t pay for overnight stays in offline hotels. We can consider this successful CTV advertising.

NF: You’ve quoted that ad fraud rates can range anywhere from 1 - 100%. What are some best practices you’d encourage media buyers to follow to try and get closer to the 1% range?

AF: Start with measuring real business outcomes rather than vanity metrics like number of impressions, percentage of ad viewed, etc. This helps you avoid fake CTV streaming apps that generate lots of video ad impressions and even completed ad views, but no business outcomes. Buy through SSPs that have knowledgeable practitioners keeping a close eye on quality and that kick out bad actors as soon as they see them. And finally, use your own analytics and common sense — if a CTV streaming app shows too many impressions to be true, or if those impressions occur in the middle of the night or middle of the day when most humans are sleeping or working, check into it more closely. That’s how you will be able to minimize the fraud impacting your campaigns.

NF: What are some best practices for sellers to follow to lessen the risk of their brand being misrepresented or stolen via fraud tactics?

AF: Only let a very, very small number of partners sell your inventory. It’s just like The New York Times having a very tight and short ads.txt list. Sellers of real CTV inventory should have as short of a list as possible. If some other strange network is representing that they sell the publishers’ inventory, they are faking it — spoofing the inventory fraudulently. It’s easier to catch.

NF: You’re very vocal around how some industry trade organizations approach traffic quality. How do you encourage your clients to look past certifications and seals to truly understand if their partners are protecting ad dollars from the criminals and keeping it flowing toward legitimate actors?

AF: Seals and certifications are useless when the grantor of the certification has no tech or data of their own. They also don’t have any truth set to know if the fraud detection is correct or not. Worse still, they allow self-attested certifications, which means the party being certified can just declare they don’t do fraud or promise they won’t do fraud, pay the certification fee, and get certified. Does that provide any protection against fraud? Common sense should tell you whether that’s useful or not.

The best thing an advertiser can do is be a good steward of their own ad budgets and look for real business outcomes. Those who rely on industry associations to confer questionable certifications on vendors are probably not looking for real protection from fraud; they’re looking for protection for their own asses — as in CYA or “cover your ass” in case your boss asks. They want to be able to say “those vendors were certified, so we continued to buy from them,” even though it’s apparent to everyone that there were fraudulent volumes.

NF: There are what seem to be a million different players in the programmatic ecosystem today. Do you have any best practices to quickly identify which ones might be bogus versus which ones are worth talking to?

AF: I look for vendors who “show” me they are clean rather than “tell” me they are clean. Pretty much every ad tech vendor has PR and brochures that say how clean and transparent they are. Just like useless industry certifications, those are equally useless. If they show you the analytics and show you detailed placement reports (e.g. hourly data, by app, etc.) so you can see for yourself, I would start with those. If vendors don’t show you detailed reports, what have they got to hide? And be sure to run away from those who say “trust us, we’re fraud free.”

NF: We encourage our readers to follow you on Twitter @acfou, but how can folks get a hold of you if they want to learn more?

AF: Yes, on Twitter and also on LinkedIn. I am always happy to hear more case studies, learn from their experiences, and help if I can. I am not looking for more consulting work; I always do no-cost pilots for advertisers who want to test and use FouAnalytics. Many small- and medium-sized businesses use FouAnalytics in a self-serve capacity to monitor and optimize their own campaigns. It’s free to them. And I decline 19 out of 20 clients after “interviewing” them via the no-cost pilot — it’s clear which ones are “watching sports” instead of doing marketing.

Best Practices

How to avoid fraud in CTV

Following the discovery of the StreamScam and ParrotTerra ad fraud operations, it is a good time to review best practices for transacting safely in the CTV space.

Note that server-side ad insertion (SSAI) does not increase vulnerability to fraud, though many have pointed to SSAI as the culprit. There are some bad actors that filter traffic via fake services that look like SSAI providers, spoof critical pieces of information (e.g. IP address, user-agent, app ID) in an attempt to garner programmatic spend and steal money from legitimate media owners.

To transact safely and avoid fraud within the CTV landscape whether you use SSAI technology or not, follow these best practices:

  1. Only work with direct and reputable CTV partners. Most programmatic CTV inventory is direct. So if you see premium inventory from an unrecognized media owner or network, you should question how they are accessing it. Leverage programs such as sellers.json and oRTB supply-chain object to understand who is selling an app ID.
  2. Don’t buy from app IDs that are not recognizable or well understood. If you, friends, family, or colleagues have never heard of an app, then the best rule of thumb is that those apps are not a good fit to run advertising on.
  3. Where applicable, only buy inventory that is authorized per app (ads.txt). Following the IAB Tech Lab’s recently released guidance can help avoid fraudulent behavior. If you have a relationship directly with a media owner, yet see their inventory appear in other places, ask them if they have a legit relationship with the entity representing that inventory. Chances are they don’t! With the newly released guidance for supporting app(ads.txt) in CTV and OTT, we encourage app stores, media owners (and their partners), along with buyers to adopt the standard and only buy from publisher IDs included in those files.
  4. Leverage verification partners to identify and block fraudulent inventory. Some verification companies that support fraud detection in CTV include DoubleVerify, Oracle’s MOAT, and WhiteOps. There are also several others, so if you have existing partnerships ask if they support it and to what extent.


See our buying resources

At SpotX, we actively compile two brand safety lists: the first consists of companies where we’ve witnessed quality issues, and the second is made up of sites or apps that we’ve decided to block. Because of our commitment to transparency, we publicly share this with all of our customers.

Here’s how we recommend using the lists:

  • SpotX disqualified list: See if you’re buying from these entities on any other platforms. If you are, do a little digging and see if you believe they’re adding value to your media strategy.
  • SpotX exclusion list: Cross reference this with delivery reports. If you’re buying anything today from a site or app on this list — please let us know. We’d be happy to give you thoughts on why it’s landed on our exclusion list and why we suggest you no longer buy it.

Want to see the lists?
Just ask.

Email brandsafety@spotx.tv

Fast and easy
inventory discovery



SpotX Explorer is the world’s largest online portfolio of premium video inventory, featuring over 190 media owners in the US, Europe, and Asia.

With a significantly improved user experience and the world’s most diverse source of unified supply, SpotX Explorer makes it easier than ever for advertisers to match campaign requirements with premium inventory.

Learn more. Explore Now.

Read past issues of the SpotX Guardian and subscribe here.