The findings left Jana Meron, VP of programmatic and data strategy at Business Insider, livid.
"I was pissed," she tells Ad Age. "The reality is there is a great injustice that is being done and the more we can talk about transparency and openness then the better it is for the industry."
Meron is a no-nonsense ad exec known for saying what's on her mind. She's also widely regarded by her peers as the biggest advocate for ads.txt, an industry-wide effort that aims to stamp out domain spoofing by labeling a publisher's inventory as "authentic."
It will officially roll out for the first time this Tuesday.
In one example of detected fraud, a Business Insider advertiser thought they had purchased $40,000 worth of ad inventory through the open exchanges when in reality, the publication only saw $97, indicating the rest of the money went to fraud.
"There was more people saying they were selling Business Insider inventory then we could ever possibly imagine," she told an audience at Ad Exchanger's Programmatic I/O conference Thursday. "We believe there were 10 to 30 million impressions of Business Insider, for sale, every 15 minutes."
To put the numbers in perspective, Business Insider says it sees 10 million to 25 million impressions a day.
Business Insider -- along with many other publishers -- have all fallen prey to a scam known as "domain spoofing." Generally speaking, domain spoofing is when re-sellers label fake inventory as that of The New York Times, for example, and then resell it on exchanges to media buyers.
Just how serious is this problem?
Domain spoofing is by far the largest threat to the digital advertising ecosystem.
Fraudsters target video ad inventory when executing domain spoofing scams for obvious reason: Video is limited in supply, has high demand and has a high price tag.
The net effect is that media buyers spend ad dollars on something that's never seen, publishers lose out on a sale and fraudsters pocket the cash and later invest a portion of their earnings to further evade detection.
Methbot, a domain spoofing scam that's widely regarded as the largest ad fraud attack in history, bilked marketers of $3 million to $5 million a day for over a month. Even Google, which is regarded as having the best defenses when it comes to preventing fraud, is also believed to be a victim of a recent domain spoofing attack.
Fraudsters have become so outrageous that the New York Times -- which doesn't even sell its video ad inventory on open exchanges -- found exactly that happening when it checked to see if it, too, had fallen prey to domain spoofing.
Solution on the horizon
Come Tuesday, those who have adopted ads.txt will finally see it enforced from demand side platforms. Publishers are hopeful that marketers will only purchase ads.txt inventory to protect themselves from wasting precious ad dollars.
Sara Badler, director of programmatic advertising at the New York Times, says she doesn't have any "jitters" around the ads.txt rollout.
"It's frustrating when people rep your inventory but don't actually have it," Badler says. "I'm just one of many publishers that gets these frustrations from domain spoofing and I think it's exciting to hopefully not have those anymore. I just don't want to get too excited."
The hurdles ads.txt faces are twofold: Will enough publishers adopt it and will marketers strictly buy inventory that's ads.txt. Ben Kneen at Ad Ops Insider wrote in mid September that roughly 13 percent of the top 10,000 publishers have adopted ads.txt.
Still, monster brands like Procter & Gamble, Google, among many others have put their weight behind the ads.txt effort. If publishers start capturing ad dollars once sent to fraudsters, revenue should go up.
"Economic theory says we should see more revenue because [of ads.txt]," Meron, the Business Insider exec, says. "We want to be on the frontlines with this."
Badler, meanwhile, hinted that she's cautiously optimistic on whether ads.txt adoption will result in more revenue for the publisher.
"Only time will tell," Badler says.