The pop-up on your phone might claim that “You’ve won”, but it doesn’t always feel like publishers are winning when it comes to one particular form of malvertising. Forced redirect ads, or auto-refresh ads are a real problem for both users and publishers. This irritating form of “bad ad” takes users to unrelated and unwanted pages that often lead to scams, malware and unauthorized app installs. Forced redirect ads can be hazardous for the end users, but they also reflect poorly on the publisher who can often be blamed. This not only drives users away, but can result in mistrust that put users off from returning.
Forced redirect ads don’t just hurt the publisher who served the ad either. If malvertising, including unwanted redirects, triggers a user to install ad-blocking software to protect themselves then the whole ad-funded web suffers.
Weren’t SafeFrames meant to stop this problem?
Yes! Unfortunately they don’t stop it entirely.
SafeFrames are an IAB standard for ads to run within a sandbox. The idea is that the SafeFrame restricts access to the page and therefore limits what code run in the SafeFrame can do outside of it. This sounds great, but there are two important issues with SafeFrames. The first is that they don’t stop all of this type of attack – enabling SafeFrames doesn’t stop all mobile redirect issues. The second problem is that SafeFrames are not compatible with all demand and using them can impact performance.
Why are forced redirect ads so hard to tackle?
Any publisher who has been plagued by forced redirect ads knows how hard they can be to track down. They often appear at a weekend when there is less resource available to tackle a problem. Holiday weekends are a particular favourite time for them. The first sign of a problem is often a user complaint. These rarely contain enough information to act on, meaning that the first challenge is trying to replicate the problem.
This alone can be an impossible task. Like any other advertiser, the buyer behind the forced-redirect ad will have chosen specific criteria to target. If they are targeting a narrow combination of device, geography and other criteria, a publisher can be left fumbling in the dark even trying to trigger the ad for themselves.
How to avoid forced redirects
It’s probably not realistic for publishers leveraging any demand through open exchanges to expect never to serve a forced redirect / auto-redirect ad. There is a constant cat and mouse struggle between bad actors intent on abusing ad-tech and the companies who build it, and bad ads will occasionally get through. Publishers can take steps to greatly reduce the number of such problems that they see:
- Carefully consider who you partner with for demand
Not all SSPs are equal when it comes to stopping Malicious ads. According to data from Confiant, Google AdX has some of the lowest rates of malicious ads being served, at around 0.03%, but some SSPs can have rates up to 43X higher. At OKO, we consider malvertising rates to be an important factor in our demand stack and adjust this as patterns change. - Use SafeFrames if you can
If you have units dedicated to direct ads and AdX / Exchange Bidding demand, you can likely enable SafeFrames on those. This won’t stop the problem, but it does provide an extra layer of protection. - Listen to your users
If users are complaining about redirects, take action. It can be hard to track down the specific source of a forced redirect, but even knowing the SSP involved can allow you to take action whilst their is an active problem. - Consider a safeguarding service
Thankfully there are services like Confiant, AdLightning and GeoEdge, designed specifically to help with these issues. Each comes with a cost, usually levied as a CPM, but in exchange they scan the creatives served on your site and block those that exhibit known bad behaviour. No solution is perfect, but these can have a significant impact on the number of bad ads served. OKO publishers can also talk to their account manager about getting such capability added to their site. - Test the impact of pricing floors
The cost vs effectiveness of pricing floors can vary from site to site, but low floor prices set for your top geos can sometimes be an effective measure.
Kamen Hadzhiyski says
This is why I am using Google Ads. From all other platforms I have used for now interestial small popup and push from propeller are good. Well if we dont use the so hated pop under. Ads are still … weird but not that bad and in some way they pay better than adsense. I have no clue why many still use popunder and forced redirect ads.. All users hate them :X
Mat Bennett says
Popunder and forced redirect are very different things. Pop-under are generally a format that the publisher opts into, although malvertising versions exist to. With forced redirects we’re discussing the issue of when “bad actors” run campaigns that force users to redirect through standard banner spots. This isn’t something that the publisher has opted into in any way.