The Financial Times has investigated the scale of domain spoofing occurring against its site, and has been shocked by the results.

The publisher has found display ads against inventory masquerading as FT.com on 10 separate ad exchanges and video ads on 15 exchanges, even though the FT doesn’t even sell video ads programmatically, with 300 accounts selling inventory purporting to be the FT’s. The scale of the fraud uncovered is vast — the equivalent of one month’s supply of bona fide FT.com video inventory was fraudulently appearing in a single day. The FT has estimated the value of the fraudulent inventory to be £1 million ($1.3 million) a month.

“The scale of the fraud we found is jaw-dropping,” said Anthony Hitchings, the FT’s digital advertising operations director. “The industry continues to waste marketing budgets on what is essentially organized crime.”

Jon Slade, Financial Times chief commercial officer, on Sept. 27 planned to notify the exchanges in question by mail to remove the fraudulent inventory, with the promise that the FT will check back in a month to ensure action has been taken. Hitchings wouldn’t say which exchanges were at fault but added that they are “known” names. A second letter is on its way to 11,000 of the FT’s client and agency contacts, explaining the problem and asking them to watch out for inventory that isn’t sourced from the two exchanges the FT sells its display inventory through, Google AdX and TrustX.

The fraud investigation coincided with the FT’s adoption of ads.txt, the Interactive Advertising Bureau Tech Lab’s tool created to help publishers combat ad fraud — specifically domain spoofing, but also arbitrage via unauthorized reselling. Other publishers including the Guardian and News UK have also adopted ads.txt, though uptake has been slow in the U.K. In his letter, Slade urged the buy side to push for publisher adoption of ads.txt.

“We are working with partners to support the adoption of ads.txt by all publishers, as part of our ongoing efforts to help clean up digital advertising. By eliminating this extremely widespread form of fraud, budgets will work that much harder for advertisers and the revenue will reach working media to fund the independent, high-quality journalism which society, especially today, depends upon,” Slade wrote in the letter to client and agency contacts.



Domain spoofing has long dogged digital advertising, and premium publishers are top targets for fraudsters, as advertisers will pay a lot for their inventory. The scale at which publishers have become domain-spoofing targets was brought under a sharp spotlight in February after the “Methbot” scheme, which spoofed more than 6,000 publishers in the U.S.

“This is what inspires fraudsters to take a vanilla URL and dress it up as a comScore top 50 site, so it appears more attractive to DSPs. This results in the fraudsters getting paid, the advertiser having to deal with some terrible PR about their brand appearing on a random site and the publisher is left out of pocket. Ads.txt is going to help stamp a lot of these bad actors out,” said ad tech consultant Paul Gubbins.

The Financial Times has long favored direct deals with advertisers, so programmatic ads only account for 5 percent of its advertising revenue. That could mean other publishers who rely more on programmatic revenue could have an even bigger domain-spoofing problem.

It’s not the first time the FT has looked into fraud on its own site, although it is the first time it has conducted this particular test. Previously, a bank came to the FT to talk about poor performance of its ads, which the bank had bought via a trading desk, according to Hitchings. “The brand thought they had bought a homepage takeover for the day and were expecting high impact. Not a single ad appeared,” he said.

We’ll discuss the next phase of programmatic at the Digiday Publishing Summit Europe. Learn more here.