A campaign report is a reassuring document. It shows impressions delivered, a tidy CPM, a viewability score in the green. What it does not show is whether a human being saw the ad, or whether the human being was real. Those two questions sit underneath every programmatic buy, and for years the honest answer to both has been: probably not, more often than you would like.
This is not a story about a single scandal. It is a story about a slow leak. Money goes into the top of a demand-side platform and a meaningful slice of it never reaches a person who could ever buy anything. Some of that slice is stolen by fraud. Some is spent on inventory that is technically real but worthless. The encouraging news, which this post will get to, is that the leak is smaller than it was two years ago, because buyers started looking. The discouraging news is that it never closes completely.
Origin: how the machine learned to waste money
Programmatic advertising was built for speed and scale. An impression is auctioned in the time between a page request and a page render, and a single advertiser can buy across more than a million websites and apps without a human ever approving a placement. That design solved a real problem. It also created the conditions for waste, because nobody is looking at where the ad lands.
Fraud arrived almost immediately, and it has always been an arms race. The clearest illustration is 3ve, an operation that ran from roughly 2013 to 2018 and was dismantled by Google, the FBI, and the security firm White Ops, now called HUMAN. By the account HUMAN published after the takedown, 3ve infected about 1.7 million computers over its life, forged more than 10,000 websites, and at its peak threw off as many as 12 billion fraudulent ad bid requests a day before it was stopped. Its predecessor, Methbot, ran a data-center fleet that faked clicks and mouse movements to look human. The takedown worked, but the lesson stuck: a blocklist is always a step behind, because the fraudster simply rotates to fresh IP addresses faster than the list updates.
The second kind of waste is newer and quieter. Made-for-advertising sites are not fraud in the criminal sense. They are real websites with real content, built for one purpose: to carry as many ads as possible. The supply-path research firm Jounce Media tracked the share of open-web auctions coming from MFA inventory and found it climbed from roughly 6 percent in early 2020 to a peak close to 30 percent in mid-2023, a rise Jounce itself labels about four and a half times. These sites work through arbitrage. The operator buys cheap traffic, often for around five cents a click from social feeds or content-recommendation widgets, points it at a page stacked with ad slots, and sells the resulting impressions for more than the click cost. By Jounce's count, around 77 percent of MFA bid requests trace back to social platforms, with content-recommendation widgets such as Outbrain and Taboola a distant second. The content is filler. The ads are the product.
Present: four ways the budget leaks
It helps to separate the leak into its parts, because they do not have the same fix.
Invalid traffic. This is the fraud bucket: bots, not people. The industry splits it into general invalid traffic, the obvious data-center bots that any filter catches, and sophisticated invalid traffic, or SIVT, which is the hard part. SIVT is the Media Rating Council category for fraud designed to evade detection. A modern bot does not just request a page. It runs a real browser, scrolls at a variable speed, pauses, moves a cursor with realistic acceleration, and routes through a residential IP address so it looks like a home connection. The old defense was a rule: this user agent, this IP range, block it. That rule no longer works, because the bot is built specifically to pass it. The arms race that started with Methbot never ended; it just moved up a level.
Domain spoofing. A fraudster running a junk site wants premium prices, so it lies about its identity. At auction it claims the impression is on a well-known publisher rather than its own page. The industry built two countermeasures: ads.txt, a file where a publisher lists who is authorized to sell its inventory, and sellers.json, which lets a buyer trace the chain of intermediaries. They help. They are also not airtight, because fraudsters forge ads.txt entries on lookalike domains and many buyers never enforce the sellers.json check.
Non-viewable impressions. An ad can serve, get counted, and be billed without ever entering the screen. It loads below the fold on a page the user never scrolls, or in a background tab, or stacked behind another ad. The buy looks delivered. Nobody saw it. In the ANA Q3 2025 benchmark, built from log-level data on real campaigns, non-viewable inventory still ran near 13 percent of web and mobile spend in the cost waterfall. A further slice, roughly 12 percent, lands on inventory that cannot be measured for viewability at all, which is its own quiet problem.
Brand-safety failures. The ad runs next to content that damages the brand: hate speech, graphic material, misinformation. This bucket cuts both ways, and that is the honest part. Aggressive keyword blocking overcorrects. The ANA found that legacy brand-safety tools were blocking as much as 30 to 50 percent of professional news inventory, starving credible publishers of revenue to dodge a risk that modern contextual analysis can read more precisely.
How big is the total leak? The figures need care, because they come from different studies measuring different things, and they should never be added together. Juniper Research, in its report on the global cost of ad fraud, put fraud losses at about 84 billion dollars in 2023, roughly 22 percent of online ad spend, and forecast a climb to around 172 billion by 2028. That is a global, all-channels estimate of fraud alone. The ANA benchmark measures something narrower and more verifiable: a different kind of waste, not fraud. Using log-level data on participating advertisers, the ANA projects about 26.8 billion dollars of open-web programmatic value that could be allocated more effectively, derived from applying the benchmark's quality gap, the delta between what advertisers paid and what a quality impression costs, to an estimated global open-web market. Treat both as directional. The precise number matters less than the shape, and the shape is large.
The MFA share fell, and that is the real news
Here is the genuinely good development. The made-for-advertising problem, which looked structural in 2023, got much smaller fast.
The 2023 ANA transparency study found that MFA sites accounted for 15 percent of programmatic spend and an even larger share of impressions. That number became a rallying point. Buyers, agencies, and ad-tech vendors built MFA detection into their stacks and started excluding the inventory. The effect shows up clearly in the ANA quarterly benchmark: MFA exposure fell from that 15 percent in 2023 to roughly 1 percent in 2024, and in the Q3 2025 benchmark the median was down near 0.4 percent of spend. The same report shows working media on web and mobile, the share of the dollar reaching a quality impression, climbing from 36 percent in 2023 to 47.1 percent.
That is what looking does. It is also not the whole picture. The ANA found the improvement is unevenly distributed: the worst quarter of the advertisers it measured still had MFA exposure ranging from about 3 percent to over 27 percent. MFA also runs higher on the open exchange than in private deals, roughly 1.4 percent against 0.4 percent in the Q3 benchmark. And MFA is mutating. Integral Ad Science, in a July 2025 analysis, flagged AI-generated slop sites as the next version of the problem: sites that publish up to 1,200 articles a day to manufacture ad slots, and that mostly do not yet appear on demand-side platform blocklists. The waste category does not disappear. It changes shape and waits to be found again. That dynamic, where generative tools flood the open web with low-value pages, is the subject of a separate piece on AI slop and the sameness penalty.
Future and impact: the playbook, and its limits
A marketer who buys media cannot abolish fraud or waste. The realistic goal is to leak less than the market average, and the tactics that do that are well documented.
Read your log-level data. This is the foundation, and the ANA's entire method depends on it. Log-level data is the impression-by-impression record from your platforms, and matching it across your DSP and your verification vendor is the only way to see where value is hiding and where there is none. You cannot manage what you refuse to look at.
Buy from inclusion lists, not the open exchange by default. The open exchange offers reach and, with it, every junk site that ever forged an ads.txt file. An inclusion list flips the logic: you name the publishers you trust and buy only those. Endless exclusion lists lose, because new MFA domains appear faster than you can block them. The ANA points buyers toward a curated set of 75 to 100 trusted sellers reaching thousands of vetted sites.
Demand verification, and use it with both eyes open. Vendors like DoubleVerify and Integral Ad Science score inventory for fraud, viewability, and brand safety, pre-bid and post-bid. Run both kinds of check. But verification is not a guarantee. Independent investigators have repeatedly found ads slipping past these filters onto unsafe content, to the point that US legislators questioned the major vendors in 2025. Verification lowers the leak. It does not seal it.
Apply supply-path optimization. Every extra hop between you and the publisher is a place for a reseller to take a cut and for a spoofer to inject a fake. Buying the shortest, most direct route to an impression cuts fee and fraud at once. The mechanics, and where the fees actually go, are covered in the companion post on the ad-tech tax.
Judge campaigns on incremental outcomes, not cheap impressions. This is the tactic that fixes the incentive. An MFA site posts a low CPM and a healthy viewability score, which is exactly why a bidding algorithm chasing cheap reach loves it. Then it fails to drive a sale. IAS found quality inventory delivered 91 percent higher conversion rates than ad-clutter sites. If you optimize toward an incrementality test rather than impression volume, the algorithm stops rewarding the junk, because the junk does not move the number that counts.
Two honest caveats close this out. First, fraud follows money. As budgets shift to connected TV, so do the fraudsters: high CPMs and server-side ad insertion make CTV an attractive target, and DoubleVerify reported twelve new CTV bot variants in a single quarter of 2025, with one variant alone capable of draining millions a month. Second, some waste is structural. A non-viewable impression is sometimes just the physics of a long web page, not negligence. Perfect measurement does not exist, and chasing it past the point of diminishing returns is its own form of waste.
The takeaway is not despair. It is that the leak responds to attention. The advertisers who moved their numbers did not find a fraud-proof exchange. They read their data, narrowed their inventory, demanded verification while distrusting it a little, and measured what actually happened. The leak is still there. It is just smaller for the people who keep looking.
Council summary
This post argues that programmatic budget leaks through four distinct holes, criminal invalid traffic, domain spoofing, non-viewable impressions, and overzealous brand-safety blocking, and that each one needs its own fix rather than a single silver bullet. Its strongest move is refusing the doom narrative: it shows, with ANA log-level benchmark data, that the made-for-advertising share collapsed from 15 percent of spend in 2023 to under half a percent by late 2025 once buyers actually started measuring. The reader's takeaway is a concrete playbook, read your log-level data, buy from inclusion lists, demand verification while distrusting it, shorten the supply path, and optimize toward incrementality rather than cheap impressions, paired with the honest caveat that fraud migrates to connected TV and some waste is structural. The piece is careful where it counts, keeping the global Juniper fraud estimate and the narrower ANA waste figure clearly separate rather than conflating them. The verdict: a decision-maker finishes this knowing the leak is real, smaller than the headlines suggest, and responsive to attention.
Comments