Home Data-Driven Thinking Iframes Leave Us Vulnerable To URL Fraud

Iframes Leave Us Vulnerable To URL Fraud

SHARE:

dwightringdahlData-Driven Thinking” is written by members of the media community and contains fresh ideas on the digital revolution in media.

Today’s column is written by Dwight Ringdahl, senior vice president of technology at RhythmOne.  

The digital advertising industry is trying to clean up its act, waging a war against fraud on multiple fronts. Efforts to stop nonhuman traffic and address blocking, prevent injections and ensure viewability have all been debated, discussed and deliberated ad nauseum.

But among all the types of fraud, there is one that is growing fast and hasn’t yet gotten its due: URL masking. Also known as domain spoofing, domain fraud or impression laundering, URL masking occurs when low-quality sites falsify their domain to appear like a legitimate publisher, giving them the ability to draw premium prices for junk inventory.

If bot fraud conceals the “who,” URL masking conceals the “where.” And the “where” matters a lot. It’s the difference between paying for a premium placement on a major publisher and winding up on a gambling or porn site. There are more than dollars at stake: A brand’s reputation hangs in the balance.

This type of fraud is prevalent, too. Some 23% of ads on RTB exchanges wind up on sites with masked URLs, according to DoubleVerify. Ghostery puts that number higher, at 40%.

URL masking has grown this big because it’s easy to do. And it’s easy because it exploits a fundamental weakness in the entire ad ecosystem: the iframe ad format. Reliance on iframes is the No. 1 cause for the prevalence of domain fraud. If we are going to get serious about this problem, we have to address our dependence on the iframe first.

Iframes Make URL Masking Easier For Fraudsters

An iframe is a chunk of code that allows you to create a window on the screen that is agnostic to the web page itself. It can contain anything – an ad, a web page – pretty much anything connected to the Internet can be thrown into an iframe. And what’s more: What appears in the iframe is virtually undetectable to the page it occupies because they don’t talk to each other at all.

That mutual blindness used to be an advantage. A few years ago, it was just about the only clean way to serve an ad across different browsers and ensure that it was delivered intact. But that blindness also means that it’s tremendously difficult to confirm whether iframe ads wound up in their intended location.

In other words, it is the easiest way to mask a URL. It allows publishers and intermediaries to misrepresent the real content of the site to the advertiser and attract higher-premium advertising dollars than would otherwise come their way.

Time To Switch

It’s a wonder, then, that iframes are as prolific as they are. Really. Major ad platforms still offer them as the default format for ads, and that’s just crazy. JavaScript is a viable alternative to iframes, and the industry should make a concerted effort to transition to that format as a default. It’s time for the standard to shift. There are still some places where iframes make sense – as a part of the creative itself, for example – but they should not be the default ad format for major players in the system. Iframes should be opt-in, not the other way around.

Apart from some very specific creative applications, there remains little upside to using iframes as an ad format these days. They made sense for a web where publishers used proprietary APIs and plugins for displaying content. HTML5 has solved that problem, and today iframes mostly present a downside risk.

On the other hand, the advantages to transitioning away from the iframe is clear. Domain fraud is on the rise, and it threatens not only budgets, but the reputations of both brands and legitimate publishers. It’s in everyone’s interest to take steps to stop this practice, and re-examining the iframe is an excellent place to start.

Follow RhythmOne (@RhythmOneUS) and AdExchanger (@adexchanger) on Twitter.

Tagged in:

Must Read

With Match Rates Falling, Is Effective Attribution Just An Illusion?

Attribution isn’t all it’s cracked up to be. Just ask Cimin Ahmadi Cohen, founder and CEO of Idea Peddler, a full-service agency based in Austin Texas.

Google’s Meridian And Meta’s Robyn: A Gift To Measurement Or Trojan Horses?

Google and Meta are quietly rewriting the rules of ad measurement, and they’re doing it with open-source marketing mix modeling tools that many marketers don’t even realize they’re using.

This New Training Framework Gives Publishers A Say In How AI Uses Their Work

The SAIL initiative compensates publishers when AI scrapes their content and guarantees the outputs adhere to the same cultural standards they apply to their own coverage.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

AI Is Spreading Inaccurate Information About Brands. This Tool Can Help Fix That

Brands can’t just focus on how often they show up in AI search. They also need to pay attention to accuracy – and know what to do when AI gets it wrong.

This K-Beauty Brand Is Collapsing The Marketing Funnel To Grow Its US Customer Base

The “K” in “K-beauty” stands for “Korean.” But it should also stand for “kaboom” because Korean beauty product sales are exploding internationally, especially in the US market.

LinkNYC Kiosks Have Started Airing World Cup Games – TV Ads And All

The cinematic trope of people stopping to watch the news on a storefront TV display feels pretty out of date today. But sometimes, life can still imitate art.