Bids should provide information that prevents fraudulent ads from serving

[wojciech-bialy-wpm]

Type of issue

Feature request

Description

As a publisher, we've been having constant issues with fraudulent ads, that fall into three basic groups:

1. Scam ads with fake celebrity endorsements
Ads misuse image of celebrities, or other publicly recognized persons, by offering products or services that the said person has no connection with.

2. Adult content ads
Either ads, or landing pages that they redirect to, include content that is inappropriate and might violate
principles of social coexistence. This kind of ads usually hide the policy-violating landing page behind a redirect url

3. Financial fraud ads
Ads containing financial promotions and scams focused on get rich quick schemes. Ads in this category usually contain fake endorsements (see 1).

In combating the above scam traffic, we feel that biders should be obliged to provide more information about the ads that they send.

At the moment, when it comes to bid responses:

• information about advertiser domain is not required
• demand chain object, while supported by Prebid.js since 2021, is strictly optional and almost never provided

Optional nature of the above data means that publisher does not have the required information to prevent fraudulent ads from winning the auction and being displayed. Furthermore, the logic of picking the winning bid does not take ad information (such as ad domain) into account - meaning that, given ads with- and without ad domain information, publisher might not be able to pick one over the other.

We therefore propose, that ad domain information be mandatory, and bids without such information be discarded (probably during bid validation performed by the bidderFactory.isValid() method).

[dgirardi]

I am curious how much can get done on this with badv / bcat. Would this work if we provided a better mechanism to enforce those? it would be an easier goal compared to requiring more info across the board.

[patmmccann]

Probable duplicate of #6345 ; we're not going to flip the defaults in a minor version of course, that would just break everyone, but we could potentially require adomain in a future release. Notably Xandr client side endpoint cannot return it

[patmmccann]

@wojciech-bialy-wpm do you agree this is a duplicate?

[wojciech-bialy-wpm]

Agreed - issue 6345 describes it as 'filtering (ie. removing from the auction) bids based on the presence of advertiserDomains'

We've recently started logging the presence/absence of adomain in bids, and in some cases adomain is present, but incorrect ("unknown", for example). In others adomain is the name of buyer/DSP ("doubleclick.net", for example).
So while blocking bids lacking meta.advertiserDomains is definitely a way forward, the fake/fraud detection issue might require presence of a demand chain object.

[patmmccann]

Closing as duplicate, taking another look at 6345 priority