Ad Fraud Prevention: Protect Your Revenue and Advertisers

The Ad Fraud Landscape

Ad fraud is the deliberate manipulation of digital advertising metrics to extract money from advertisers without delivering legitimate impressions or clicks. Estimates put global ad fraud losses around $80 billion per year, making it one of the largest categories of cybercrime.

For publishers, fraud has two implications. The first is that fraud depresses CPMs across the entire ecosystem because advertisers discount their bids to compensate for expected waste. The second is that being associated with fraud, even unintentionally, can disable a publisher account or destroy direct relationships overnight.

Most publishers are not committing fraud directly, but they can become victims through bot traffic, account compromise, or supply path manipulation. This guide walks through the defenses that protect both your revenue and your reputation.

For broader monetization context, see our programmatic advertising guide.

Common Fraud Types

Bot Traffic

Automated bots that visit pages and trigger ad impressions without any human seeing them. The most common fraud type and the easiest to detect.

Domain Spoofing

Fraudsters falsely claim that low-quality inventory belongs to a premium publisher domain. Ads.txt is the primary defense.

Click Fraud

Bots or paid clickers generate clicks on ads to defraud cost-per-click advertisers.

Pixel Stuffing

Multiple ads loaded into 1x1 pixel containers, registering impressions without being visible.

Ad Stacking

Multiple ads loaded into the same slot, with only the top ad visible.

Geo Spoofing

Fraudsters mask the true geography of traffic to qualify for higher-CPM regions.

Ads.txt and Sellers.json

Ads.txt is the IAB's solution to domain spoofing. It is a plain text file at the root of your domain (e.g., example.com/ads.txt) that lists every authorized seller of your inventory. SSPs and DSPs cross-check ads.txt to verify that bid requests come from legitimate sources.

Ads.txt Format

Each line declares one authorized relationship: domain, publisher ID, relationship type (DIRECT or RESELLER), and certification authority ID. For example: google.com, pub-1234567890, DIRECT, f08c47fec0942fa0

Sellers.json

Sellers.json is the SSP-side counterpart. It declares the upstream publisher relationships maintained by each ad exchange. Together, ads.txt and sellers.json create a verifiable chain from publisher to exchange.

Maintenance

Update ads.txt every time you add or remove an SSP relationship. Outdated ads.txt files block legitimate demand and depress fill rates.

SupplyChain Object and Trust

The SupplyChain object (schain) is an extension of OpenRTB that travels with bid requests and declares the full chain of intermediaries between the publisher and the buyer. It enables end-to-end transparency and is increasingly required by premium advertisers.

Why It Matters

• Identifies hidden resellers in the supply chain
• Reveals fee layers that erode publisher revenue
• Surfaces unauthorized resellers
• Required by IAB Gold Standard publishers

Modern SSPs implement schain automatically. Verify with your demand partners that schain is active for your inventory.

Traffic Quality Monitoring

Beyond technical defenses, ongoing monitoring of traffic quality catches most fraud attempts before they damage your account.

Signals to Watch

• Sudden traffic spikes from unexpected sources
• High bounce rates correlated with specific referrers
• Unusually short session durations
• Geographic concentrations in non-target countries
• Pageview-to-impression ratios that look too good

Tools

The Sentinel Bounce Rate Bot can help track engagement quality changes that often signal incoming bot traffic.

Detection and Response

When suspicious traffic appears, react quickly. The longer fraud goes undetected, the more damage it does to your account standing.

Immediate Steps

1. Identify the source (referrer, geography, user agent)
2. Block the source at the CDN or firewall level
3. Flag the traffic in Google Analytics with a custom segment
4. Contact your SSP to flag the impressions as invalid
5. Document the incident for any future audit

Long-Term Response

If the incident affected significant volume, monitor your account standing in the following weeks. Some SSPs apply reputation penalties that take time to recover from.

Reporting and Remediation

Most SSPs and ad exchanges provide self-service tools for reporting fraud. Use them aggressively. Reporting fraud you discover protects both your account and the broader ecosystem.

Where to Report

• Google AdSense: Invalid Traffic team via Help Center
• Google Ad Manager: Invalid Activity report
• SSPs: Direct contact with account manager
• IAB TAG: Industry-wide fraud reporting

For broader policy compliance, see our AdSense optimization guide.

Long-Term Best Practices

• Maintain ads.txt and update on every SSP change
• Monitor traffic quality weekly for anomalies
• Implement bot protection at the CDN level
• Verify SupplyChain object is active
• Audit referrer sources monthly
• Use third-party verification for premium direct deals

Treating fraud prevention as ongoing maintenance, not a one-time task, is what separates publishers who maintain strong account standing from those who suffer sudden disablements.

FAQ

What is invalid traffic?

Invalid traffic (IVT) is any traffic that does not represent genuine human interest, including bots, accidental clicks, and fraudulent activity.

How do I create an ads.txt file?

Get the authorized seller declarations from each of your SSPs and combine them in a plain text file at example.com/ads.txt. SSPs provide the exact lines to include.

Can fraud disable my AdSense account?

Yes. Persistent invalid traffic can lead to permanent account disablement, which is rarely reversed.

Should I use a third-party fraud detection service?

Premium publishers benefit from third-party verification. Smaller publishers can rely on Google and SSP-side defenses.

How often should I update ads.txt?

Every time you add or remove an SSP relationship. Outdated ads.txt blocks legitimate demand.