Oops! USA Today and hundreds of local newspapers owned by Gannett were sending spoofed bid requests to multiple ad exchanges for over 9 months The owner of USA Today has admitted to providing inaccurate information to advertisers for nine months.
Gannet shares an array of DIRECT ad accounts from USA Today to Wisconsin news outlets. When advertisers thought they were buying ads on one Gannett site, very often the flagship USA Today newspaper, in reality, their purchase was for ads that appeared elsewhere.
As they had control over all these shared ad accounts to sell ad space for all the sites, they were easily able to pass ads.txt validations and spoof ad inventory for any of the websites under them until 4th March 2022.
Intentional or just a Caching Error?
Gannett, one of the largest publishers in America with outlets nationwide including The USA Today and more than 46 stateside newspapers has been known to use real-time bidding for ad inventory on their websites.
Gannett quickly issued an apology, saying it regrets the unintentional discrepancy here. The publisher regrets providing inaccurate data and has said that its auctions still had some URLs which would enable advertisers or ad-tech companies to detect the real identity of websites where ads are placed.
Gannett is now in hot water for not paying its bills and is facing an advertiser backlash after it was revealed that its site may have misled advertisers with ad auction discrepancies. Ad industry researchers analyzed code on Gannett’s websites which indicated billions of ad auctions being affected here. The company said they are determining whether or not to issue refunds to all advertisers who lost money here.
The news is always a tricky topic and many brands want their ads appearing next to certain types of content. However, there were discrepancies in this year’s Gannett auctions which made it impossible for them all to follow these rules perfectly!
Spotify (Music-streaming giant) and Ally (well-known in the financial services niche) were among the advertisers that bought ad inventory to promote their services in what appears at first glance as an authentic advertising campaign for USA Today. When researchers looked closer, they found these ads had been placed on websites across America without permission from either party.
The USA Today website is the most popular site for Gannett’s media properties. In their latest annual report, they said that 47% of circulation—including digital pageviews and print reach-came from this one single outlet!
The Wall Street Journal reported that Capital One & American Red Cross bought ads in real-time auctions which were expected to run on the Sarasota Herald-Tribune website. However, these campaigns actually ran on a Mexican-based news site instead!
Gannett came up with the conclusion that the advertisers were essentially bidding on incorrect ad space, so their ads may have ended up on websites they never intended to pay for.
Big brands like Nike, Adidas, Sear, Starbucks, Ford, etc bought ad space from them to be labeled incorrectly at auctions. A rep for those companies didn’t respond to requests but it is unclear if they were even aware their ads had been placed against another brand or not informed beforehand about these discrepancies.
When advertisers were misinformed of the article they would see, it wasn’t just the website itself that was being misrepresented in auctions. The content on these ads is oftentimes incomplete or entirely mismatched as well! Advertisers were informed an article was about the viral mobile game Wordle when it really detailed bear cubs in Pennsylvania.
In the ever-changing world of programmatic media buying, advertising space is now sold in a matter of seconds as you’re browsing. Ad auctions can be bid with important details for potential buyers which includes the site details and keywords that describe publishers’ content or users’ profile pages – all while they’re still loading!
The bid request data in Gannett’s auctioning process was inaccurate last 9 months but can they just shift the blame to the intricate Adtech ecosystem here?
Ad tech has become increasingly complex, with numerous players in the programmatic media buying game, running real-time auctions and assisting advertisers in placing bids. Many of these players have protections in place to detect misleading ad space but were unable to catch ‘the bid URLs mislabeled’ discrepancy.
More Details on the domain spoofing incident here: https://braedon.dev/2022/gannett-spoofing.html
Uncovering the Mislabeling
Each Gannett site conducts ad auctions using header bidding on multiple ad exchanges.
In the case of Gannett, ad space on an article on animal neglect in Detroit showed up on a college football article. Header bidding requests to Pubmatic and IndexExchange ad exchanges reported it as a USA Today football blog post but it was actually an animal neglect article. This is a classic example of Domain Spoofing. Gannett’s spoofed data was all popping up in requests to affected ad exchanges.
Here’s a list of the top 10 spoofed domains and their spoof frequency from which a wide margin of spoofed domains came from USA Today:
Can this happen again?
There are likely to be a few other cases of this kind of domain spoofing in the wild and ad exchanges, DSPs, and anti-fraud vendors need to take a good look at why it seemingly went undetected for so long, and how it can be avoided later.
The spoofed inventory was due to Gannett’s use of shared DIRECT accounts – advertisers could have detected the spoofing if the sites did not share accounts when validating the ad space against ads.txt files.
There are tonnes of other publishers with similar setups and other programmatic intermediaries that could be engaging unintentionally or otherwise in spoofing that can easily pass through ads.txt validations.
Enforcing DIRECT accounts to stamp out ‘bid URL mislabelling’ in the ads.txt spec to dismantle the publisher multiverse can make it simpler to detect domain spoofing if done correctly.
The Gannett issue going undetected for so long suggests that the ad auction reporting data in place to verify this information is not sufficient. If domain spoofing issues like Gannett’s can go undetected, it potentially puts brands and advertisers at risk.
In programmatic campaigns that are aimed at users, this might not be an issue, but most advertisers pay attention to the ad inventory and content where their ads pop up. Today, brand safety is something that advertisers prioritize, and no company wants to be associated with articles that barely fit into their niche.
If Gannett would have been MonetizeMore’s publisher partner during this domain spoofing period our AdOps would have been able to uncover these errors. Revenue discrepancies are an unfortunate reality in the world of AdOps. This is precisely why it’s so important to partner with an experienced and reputable AdOps partner who can help you verify your ad revenue information.
With our 50+ ad network connections, you can proactively monitor your advertising partners for revenue discrepancies. We help you measure your GAM Revenue data against Ad Network Revenue to detect any potential ad setup issues.