The term “bad ads” is, broadly industry shorthand for ads that fail to meet a publisher’s standards for ad quality. An ad can be unwelcome even if it’s not intended to harm the user, yet we’ve come to refer to all unwanted ads as “bad ads.” It’s a catchy term but deserves clarification. We’re here to explain what makes a bad ad bad, how to block them— and why the variation in quality standards complicates the process of keeping bad ads off the page.
The State of Ad Quality
Every publisher is vulnerable to bad ads- every ad demand source is vulnerable, and security threats are only part of the problem. Bad ads are not simply the work of malvertisers abusing the open programmatic market. In fact, leading publishers reported:
Bad ads sources
They are equally as likely to see bad ads coming through the header or S2S than from any other sources.
Low-quality ad creative
Unwanted ad creative is a more widespread problem in the header than redirects are, 52% say they’ve had to deal with low-quality creative in the header, 23% with redirects in the header.
Header security risks
Bad ads of any variety — security or quality risks — count as one of the greatest challenges in the header for 48% of respondents.
To give bad ads the kind of attention publishers need to stop them in their tracks, we’ll look into the spectrum of ad quality issues. Publishers must identify not only what a bad ad looks like to them, but also identify what constitutes a bad actor and a bad user experience.
What is a Bad Ad?
Although industry professionals often speak about “ad security and ad quality,” ad security itself is really a subset of ad quality. Whether an ad is unsafe to the user and their device, or inappropriate for any other reason for the publisher or their audience, it’s still bad — low-quality.
Bad Ads: Beyond Security Risks
There’s an entire world of “bad ads” beyond security risks. It includes ads that contain misleading or untrue content, lead to landing pages containing such content; ads that are part of scam or fraud campaigns; campaigns or advertisers the publisher doesn’t want to be associated with; or even off-spec ads that inhibit good UX or page performance. These sorts of ads make for bad user experience, enable bad actors trying to evade QA processes, cause reputational damage with audiences and advertisers alike, and ultimately threaten a publisher’s ability to monetize optimally over time. Bad ads undermine a publisher’s “premium” standing and devalue the entire pages and sites where they appear.
Managing Ad Quality
Combating bad ads is challenging, in part because so much of “ad quality” is subjective. Every publisher has its own quality standards, and publishers often take an “I know it when I see it” approach to bad ads. There’s no universal standard for premium publishers, only standards that suit the specific publisher brand, audience, and advertiser or ad platform partners. Bad ads aren’t even necessarily intended by the advertiser to cause harm — they’re sometimes just a result of lax targeting or content categorization. No publisher is immune. But advertisers, whether acting in good or bad faith, ultimately want to profit, and quality publishers need to determine who gets to profit from their own engaged audiences and brand prestige.
Bad Ads & User Experience
The user experiences the page as a holistic piece — content, design, load time and so on. And users don’t separate ad content, and the content of the ad’s landing page, from page content. To the user, everything on the page, and everything the page links to, has been purposefully presented to them and endorsed by the publisher. To publishers, user experience and revenue are intrinsically linked, because good user experience leads to longer sessions, more repeat visits, and increased lifetime value of the user. And this moment — as a result of COVID stay-at-home orders, businesses’ acceleration toward enabling remote work, the uptick in e-commerce, increased use of digital channels for socializing, and the urgency to remain up-to-date and informed — is a crucial time for publishers to cultivate relationships with audiences that can last a lifetime. It’s also a crucial time to monitor broader trends in digital consumption habits, during what appears to be a transitional period in how we live our digital lives.
How User Experience Effects Revenue?
Bad UX can send a publisher into a revenue tailspin — cheap- or suspicious-looking ads communicate to users that the publisher doesn’t value their engagement, which causes engagement to drop, which causes CPMs and overall revenue to fall, which makes producing high-quality content a strategy. By the same token, good UX is the foundation of improved revenue — a cohesive and trustworthy page/ad experience encourages engagement, which pulls up CPMs and attracts more high-quality advertisers, which allows the publisher to grow their overall business. Maintaining UX is tricky, though, because of factors like cloaking (when a bad actor obfuscates bad ad content so it can’t be perceived by scanners) and limited visibility into all ads’ landing pages during the QA process. Publishers must take control of the content on all their pages, including ads, and to create brand-safe environments where ads and page content are aligned.
Types of Bad Ads
Deceptive content or misinformation
Pornographic, sexually suggestive or otherwise “adult” content
Fraudulent or non-existent products
Gambling sites, cryptocurrency, multi-level marketing networks, or other financially risky ventures
Disruptive, heavy, or otherwise off-spec ads
Among the category of deceptive ads,
we see three types of deception:
The landing page content is not related to the ad content at all.
The landing page is related to the ad content, but the page contains low-quality content (misleading, off-brand, etc.).
The ad leads to a phishing scam, a malware download, or other unsafe content.
Read our malvertising guide for more details on
how malvertising compromises user security
Ad Quality During Covid-19
Since the beginning of the COVID pandemic, publishers have seen an explosion of bad ads — including deceptive ads, brand-unsafe ads, ads for phantom or substandard products, and predatory (i.e. surge-priced) products. According to a report Digiday and GeoEdge produced, 67% of publishers have encountered a significant or great amount of deceptive ads since the spring of 2020. Among those deceptive ads, their most prevalent concern is ads that lead to landing pages unrelated to the ad content itself. This is particularly concerning because so many deceptive ads today use clickbait methods — sensationalistic copy or images, or tabloid-style unauthorized celebrity images. Such ads don’t only make the page look cheap; they have unusually high CTR. The landing page must be a consideration for QA.
Where Bad Ads Come From?
Bad ads generally come to publisher sites the same way secure, trustworthy ads do — starting at the DSP level, where the advertiser deploys a campaign that moves along the rest of the supply chain. In some cases, malvertisers will deploy their ads at unsecured spots in the chain, or through a reseller that isn’t concerned with quality. Consistent with the variety of types of bad ads in the digital ecosystem, those ads are deployed in a variety of ways. Bad actors who aim to cause harm to users, and who would be barred by any reputable DSP from buying media, very often need to disguise their true identity in order to access the programmatic market.
One common — and extremely difficult to detect and block — method of disguising is to use cloaking. Cloaking attacks hide the code for a malicious ad creative within code that looks legitimate or innocuous. Cloaking also hides the URL for a malicious landing page within code that resembles a URL for a legitimate site. In some cases, malvertisers will point the fake URLs to sites that counterfeit the design and branding of legitimate sites. Cloaking attacks detect whether the ad is in a non-human environment (an ad creative scanner) or a human environment, and will show the fake creative and URL to a scanner. When the page loads, the real (malicious) creative and URL are swapped in and shown to the human user. Cloaking can only be properly detected by sophisticated, real-time blocking technology.
How Bad Ads Enter The Supply Chain
Other types of bad ads enter the programmatic market in different ways. An inappropriate or off-brand ad can reach a publisher’s page through overly broad targeting or content categorization. Many ads would actually pass a cursory scan or even manual review, even if they would be considered inappropriate for most premium publishers — for example, MLMs, or sites that produce low-quality content and exist only to host ads. Sometimes a bad ad will come from an entirely reputable advertiser, but an advertiser whose message is inappropriate for certain types of content or audiences.
Bad Ad Delivery Timeline
Bad ads are often discussed as an unfortunate downside of the programmatic market. But the industry-wide embrace of programmatic doesn’t mean bad ads should be considered the cost of entry — and bad ads can easily come through direct channels, too. It’s been said that the farther any company on the supply chain is from the user, the less they stand to lose in terms of reputation and revenue by letting bad ads in. But preventing bad ads requires vigilance along the entire chain, with the publisher being the last line of defense and having the most at stake. Here’s an overview of the ad supply chain, and the points of entry for bad ads:
Advertisers and their media buying partners determine how a campaign will be targeted and scaled. DMPs and other data providers help build out audiences.
The campaign is submitted, and ad scanners automate the creative review process and inspect the creative code. Legitimate and “gray-area” advertisers pass review. Cloaked attacks pass by hiding the buyer’s identity and the creative they intend to deliver the target user
DSPs bid on inventory from SSPs and ad networks. The exchange aggregates bids and inventory, matching the buyer’s targeting parameters with corresponding audiences and criteria from the seller. Buyers connect with sellers in myriad combinations, multiplying the number of possible supply/demand paths, which complicates the process of locating the source of bad ads.
The SSP has processed bid requests from publishers, along with criteria to optimize publisher revenue and exclude inappropriate ads from winning or reaching the publisher’s page. Oversights in targeting or content categorization can let brand-unsafe, malicious or otherwise unwanted ads pass through.
Publishers may partner with an additional inventory reseller to help optimize revenue. In some cases, a trustworthy ad network will technically be considered a reseller. Other resellers are less scrupulous and provide a less-secure point of entry for low-quality ads and arbitrageurs
The winning creative is fetched from the server and sent to the publisher.
Verification vendors partner with companies all along the supply chain. Closer to the buyer, they can detect bot traffic and other forms of ad fraud. Creative scanning is commonly implemented at multiple links. Closer to the seller, specialized technology may be applied to block bad ads, ideally in real time.
The publisher provides a final round of manual and/or automated review
The ad renders as the page loads. A cloaked attack will reveal its true form to the user here. At this point, bad ads will need to be removed manually by the publisher.
The State of Programmatic Inventory
Programmatic today is key to the business strategies of advertisers and publishers alike. 84.5% of display spend in the US came through programmatic channels in 2020, and that’s forecast to be 88.2% in 2022. Programmatic/direct hybrids, such as private marketplaces, theoretically offer more oversight and transparency, but the open market is still an important piece of revenue optimization for publishers. For some publishers, particularly smaller publishers, all of their programmatic revenue comes from the open market.
We’ve already alluded to how complex programmatic supply/demand pathing is today, with so many platforms involved in transacting on ad inventory. It’s even more complicated when we consider leading publishers may get demand from direct header integrations, managed header wrappers (each of which contains multiple partners), server-side connections like Google Open Bidding and Amazom UAM/TAM (also containing multiple partners), the Prebid.js wrapper, and the programmatic waterfall.
Managing Demand Partners & Ad Quality
Bads ads volume
39% of publishers say the volume of bad ads coming through the header has increased in the past year.
Bad ads common types
The most common type of bad ad coming through the header are ads with poor or off-spec creative (52% of respondents). Inappropriate formats (in-banner video, pop-ups, etc.) are most common for 10% of respondents.
89% of publishers say they see deceptive ads on a weekly basis. GeoEdge research shows over 50% of the malicious ads in the ecosystem are ads with deceptive content.
As mature as the header seems, it is already being shaken up by the seismic changes rocking digital advertising. Check out the chief findings in the GeoEdge Ad Monsters Header Bidding Ebook.
Risks & Dangers: The Cost of Bad Ads
When bad ads reach users, publishers pay for it in the short term by pulling their ad ops and development professionals away from the advanced, specialized work that can grow the business meaningfully. Instead, those professionals are tasked with clean-up work and troubleshooting to find the source of those ads. In the long term, bad ads can pull a publisher’s business into a downward spiral — starting with loss of reputation and trust. Brand safety is high in advertisers’ minds today — as audience targeting became more accurate, advertisers came to focus also on the environments in which their ads appeared. Advertisers have no trouble pulling spending from publishers who don’t meet their brand safety standards. And when trustworthy advertisers walk away, they open the door for unfamiliar advertisers — and for overall yield and CPMs to suffer. Brand safety issues for advertisers lead to revenue issues for publishers.
Brand Safety Challenges for Platforms & Publishers
Of course, brand safety is an issue for publishers as well — users care deeply about the environment content appears in. Bad ads lead users to believe the publisher doesn’t value their engagement (and that the publisher gets paid by untrustworthy sources). And users know that if one of their preferred sites seems to have gone downhill, they’ll be able to get similar content from elsewhere. Ad platforms are aware of how bad ads negatively affect their reputation in the publisher community for trustworthiness and consistency — and how having reliably clean monetization can be a competitive differentiator. Here are some points to illustrate what’s at stake:
Blocking Bad Ads
As important as it is for a publisher’s business that they stop bad ads before they reach the page, many publishers still rely heavily on outdated or inefficient methods. Creative scanning along the supply chain catches some inappropriate ads, but scanning inspects only a percentage of ads coming through — and it’s ineffective against cloaking attacks. Even though tools, such as GeoEdge’s, are available to automate the QA process and block bad ads from the page in real time, many publishers rely on reactive and manual processes: 36% choose manual creative inspection as their top method for handling the problem, and 18% choose removing bad ads after they render as their top method.
Minimizing False Positives
Even with automation, false positives and overly aggressive block listing end up pilfering revenue the publisher has rightfully earned. Blocking ads by keyword or content vertical is a smart method, but if those categories and keywords are too broad, publishers catch a lot of good ads in the same net as the bad ads. In fact, 83% of publishers say this kind of over-blocking yields false positives, and stops an amount of safe ads. Blocking entire content categories may be more efficient than blocking individual advertisers, but those categories must be specific, and there must be enough of those categories to give the publisher flexibility to balance brand safety and revenue goals. Blunt-force blocking is such a widespread issue that 91% of publishers blame those methods for chipping away at the revenue they’ve earned. What’s more, 88% say their revenue would increase if their QA automation were more customizable. Publishers, their demand partners and their ad quality partners need to customize, by breaking down content categories more specifically and delineating more of those categories, building out nuanced lists of keywords, and allowing actionable manual review at the last mile. Publishers would be advised to work with an ad quality vendor that can detect and block bad ads — including campaigns too new to have been added to block lists yet — and offer solutions for customized content categorization.
Taking Control of Bad Ads
Despite the many factors why a bad ad would be considered bad, low-quality ads can be detected and blocked using the same methods used to block malvertising. However, because the methods of the ad ecosystem’s bad actors have evolved rapidly to evade security, publishers and ad platforms must consider whether their ad quality solutions are sufficient for this moment in the industry’s history.
Detecting Bad Ads
Early on, publisher-serving ad quality vendors used scanning tools to detect suspicious code in ad creative. Though, creative scanning looks at only select samples of the ads served, and bad actors developed cloaking techniques to evade detection even in a scanned sample. To safeguard the ad units on the publisher page itself, creative wrapping tools were developed. The ad quality vendor’s code goes into a wrapper around each ad unit. But this could be an inefficient method, as ad ops and development teams would need to re-integrate the creative wrappers following a page redesign or when adding a new ad unit to the page. Page-level protection unburdens publishers’ internal teams by placing the ad quality vendor’s on the page. This comprehensively protects all ad units on the page, even when page elements are rearranged.
Ad quality tools have also evolved: At one point, threats were flagged by matching malicious code in an ad creative and solely matching it against a list of code used in known threats. Those lists easily became unwieldy as malvertisers developed variable code that couldn’t be matched to previously flagged code. Leading ad quality vendors responded by removing or decoding encryption in bad ads, and by using insights from known threats to detect code that behaves similarly.
Eliminating Bad Ads
GeoEdge takes these advanced methods several steps further by also monitoring ad landing pages — where the greatest threats to users’ security and overall experience often lie — and by blocking potential quality threats in real time, so the publisher may review them for approval or rejection. This gives the publisher greater control over their sites and their ability to monetize.
Stopping bad ads before they become a brand safety, reputational and revenue problem requires cutting-edge technology, stakeholder participation — and a clear ad content strategy customized to the particular needs of your publisher brand, your advertisers’ goals, and your audience’s needs. Follow these best practices to maintain high ad quality standards:
Develop internal guidelines for ad content. Clarifying what you consider a “bad ad.” Identify stakeholders and specify their roles in communicating these guidelines to internal teams and outside partners.
Go beyond standard keyword/vertical blocking. Understand context and nuance on your pages, and create appropriately nuanced keyword lists. Break broad content verticals into more specific categories to align your content strategy with the right ad content. Work with your demand partners to implement granular content categorization. Apply those standards to both ad and landing page content.
Take advantage of QA automation. Add a human review at the end of the process. To facilitate that human review, AdWatch from GeoEdge gives publishers a comprehensive look at all ads rendered on the site.
Create a system for users to report bad ads to you directly as opposed to via social media.
Work with your demand partners to create private marketplaces, where buyers can feel confident investing in your site and audience
Vet ad quality vendors carefully for the most comprehensive coverage. GeoEdge is at the cutting edge of ad quality, providing real-time protection, advanced capabilities in detecting cloaking attacks and brand new threats, the ability to review and accept or decline any flagged ads, and the ability to monetize by replacing bad ads with pre-approved ads.
Ad Quality Assessment
Are your performance stats at least consistent over time, or is performance dropping? Poor UX drives users away from a site, mid-session and into the future.
Has your CTR risen rapidly? If so, this could actually be a sign that you’re being hit with undesirable clickbait-style ads.
Brand status on social media
Have negative mentions of your brand on social media increased? A growing number of complaints could indicate you’re experiencing sustained campaigns of bad ads.
Inappropriate Format Ads
Are your users seeing ads in inappropriate formats (e.g., pop-ups, BV)? This could indicate one of your demand partners has been infiltrated by low-quality advertisers.
Are your ad ops weighed down putting out fires to meet their goals? Too much time troubleshooting bad ads indicates you need more advanced protection.
Every high-quality publisher deserves to monetize their content, grow their audiences and cultivate deeper relationships with demand partners and advertisers — without worrying about bad ads. With GeoEdge, those goals become a reality. Talk with GeoEdge today about how you can eliminate bad ads without slowing down your strategies for growth and monetization.
Eliminating Bad Ads: GeoEdge Protection
While vetting ad quality partners, a publisher or an ad platform must look for comprehensive protection against security threats and the whole spectrum of ad content that is inappropriate for their own brand, advertisers and users. New vendors frequently appear on the market, promising to eradicate the current trend in ad security threats.
GeoEdge’s tools, by contrast, can detect and block malvertising as well as deceptive ad content, off-brand ads (per the publisher’s unique standards), adult ad content, prohibited industry verticals, and off-spec ads.
The GeoEdge team brings years of experience in ad quality and security, a proven record of detecting and blocking new quality threats as they emerge, insights from publishers and other digital stakeholders around the world, and a commitment to transparency and communication. Turn to GeoEdge for:
Comprehensive ad security and quality solutions from one trusted partner.
Real-time detection and blocking of unsafe and inappropriate ads.
Easy integration, direct onto the page, to protect all inventory even if the page is later redesigned
Customization for the publisher’s individual needs including the ability to toggle settings on and off to suit specific page content, the way the audience engages with that content, advertisers’ needs, and changing current events that affect brand safety
Brand safety solutions that can turn visitors into lifelong users, advocates for your site, and customers for your advertisers
Our ad quality management allows your teams to focus on higher-level work that serves your business, your audience, and your advertisers
Rapid, personalized customer service response including directly notifying the demand partners you choose to notify about any incidents of bad ads
GeoEdge is unique among ad security and quality vendors in that it embodies and enacts all of these characteristics, and serves as a committed partner to your business rather than simply a vendor. True ad quality partnership transcends malvertising and malware, and addresses the countless subtleties and unseen threats in digital media. Reach out to the GeoEdge team today to learn what we can do together to detect and stop malvertising — and any other ad quality and security issues affecting your business, users, customers, clients and partners.