Every publisher and ad network has had the unfortunate experience of dealing with low-quality ads. All technology providers related to advertising have firewalls to protect against malware. That being said, fraudsters are always trying to bypass these controls and sometimes they succeed. Although the enforcement of quality control in advertising is becoming stricter, the lack of real accountability for fraud in the ecosystem results in a very lucrative business for fraudsters.

What concerns all publishers is how these ads are served in the first place, what's being done to prevent them, and most importantly, how they should be treated when encountered.

Types of low-quality ads

The types of ads that routinely plague publishers and could be considered malvertisements can be grouped into the following 4 categories:

1 - Redirects

In these cases, the reader lands on a publisher's page and the page automatically redirects to a different site. 

This is purely malware that takes advantage of various JavaScript flaws and sandbox holes.

In the past, Marfeel has reported several JavaScript-related vulnerabilities to browser vendors that malvertisers were abusing. This kind of abuse is harmful for several reasons, such as the bounce caused by the redirect and the impact on SEO.

2 - Distasteful ads

These include ads that the publisher or their audience might find in poor taste either through the image or the text of the creative. A good example might be ads promoting snail slime for skin care.

3 - Dishonest ads

A common case reported is a creative that looks exactly like a video player with a fake play button to encourage unintended clicks.

4 - Ads from competitors

This involves publishers who find competing brands displaying a banner on their mobile site. 

What's done to prevent low-quality ads

1 - Marfeel's solution against Malware (Redirects):

Within the mobile advertising ecosystem, there are repeated industry cases where ads with malware are served. They can be difficult to detect and prevent because of the sheer volume of transactions that take place in the digital ad market. Also, in programmatic advertising, SSPs might sell inventory to a third party, which is usually a DSP (demand-side platform). The DSP might then sell it to another third party, which may be the culprit: it provides a creative that contains malicious JavaScript code or malicious iframes that go to bad URLs.

All technology companies along the value chain provide tools to block creatives, but sometimes it's not feasible to find them and then block them. When it's not possible to block a creative, the easiest action is to block the suspicious demand providers from serving ads on your site. Obviously, this reduces monetization, so it can't be considered a good, sustainable strategy. Seeing all this, at Marfeel we decided to develop and implement new technologies that could help us fight malvertising without hurting revenues.

Secure creative is Marfeel's answer to programmatic Malvertising

Marfeel uses an IAB standard secure cross-origin iframe with an extra layer of security placed on top, and applies it to all our demand providers. This iframe places maximum restrictions on the ad itself: the ad is only allowed to be visible, clickable, and resizable, which prevents fraud, phishing, and other malicious malvertising activity.

Safe frame

The SafeFrame 1.0 technology is a cross-origin iframe that disallows any tampering with the original page and at the same time opens a line of communication between the advertiser and the publisher content. Because of this line of communication, content served into a SafeFrame is afforded data collection and rich interaction.


Sandbox is an HTML5 attribute that enables an extra set of restrictions for the content in the iframe, which stops any malicious scripts from breaking out of the iframe and taking over the page. It also stops a creative from automatically redirecting a user to another domain, unless the user initiates it.
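The check below is an added example, not Marfeel's code: a small JavaScript audit of an ad iframe's sandbox attribute that flags token combinations which would re-enable automatic redirects or let a creative remove its own sandbox. The token names come from the HTML standard; the rule set, slot ids and sample values are assumptions constructed for illustration.

```javascript
// Added example, not Marfeel's code. Token names come from the HTML standard;
// the policy (what counts as a finding) is an assumption made for illustration.
const RULES = {
  "no-sandbox": "iframe has no sandbox attribute, so none of the restrictions apply",
  "auto-redirect": "allow-top-navigation lets the creative redirect the page without a user gesture",
  "sandbox-escape": "allow-scripts + allow-same-origin on a same-origin frame lets it remove its own sandbox",
  "not-clickable": "no token lets a click open the landing page outside the frame",
};

// value: raw sandbox attribute string, or null when the attribute is absent.
// frameIsSameOrigin: true when the creative is served from the page's own origin.
function auditSandbox(value, frameIsSameOrigin = false) {
  if (value === null || value === undefined) return ["no-sandbox"];
  // Tokens are space-separated and ASCII case-insensitive.
  const tokens = new Set(value.toLowerCase().split(/\s+/).filter(Boolean));
  const findings = [];
  if (tokens.has("allow-top-navigation")) findings.push("auto-redirect");
  if (frameIsSameOrigin && tokens.has("allow-scripts") && tokens.has("allow-same-origin")) {
    findings.push("sandbox-escape");
  }
  // A click needs either a popup or a (user-activated) top-level navigation.
  const clickPath = tokens.has("allow-popups") ||
    tokens.has("allow-top-navigation") ||
    tokens.has("allow-top-navigation-by-user-activation");
  if (!clickPath) findings.push("not-clickable");
  return findings;
}

// Constructed sample ad slots (hypothetical ids and attribute values).
const SAMPLE_SLOTS = [
  { id: "slot-a", sandbox: null },
  { id: "slot-b", sandbox: "allow-scripts allow-top-navigation" },
  { id: "slot-c", sandbox: "allow-scripts allow-same-origin", sameOrigin: true },
  { id: "slot-d", sandbox: "allow-scripts allow-popups allow-top-navigation-by-user-activation" },
];

function auditSlots(slots) {
  return slots.map((s) => ({ id: s.id, findings: auditSandbox(s.sandbox, s.sameOrigin === true) }));
}

for (const r of auditSlots(SAMPLE_SLOTS)) {
  const text = r.findings.map((f) => RULES[f]).join("; ") || "ok";
  console.log(`${r.id}: ${text}`);
}
```

Only the last sample slot passes: it can run scripts and open its landing page on a click, but cannot navigate the publisher's page on its own.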

From iOS 12 and Chrome 58 we have an extra layer of security

Secure creative is supported by all modern browsers. For those browsers, all of Marfeel's inventory (Marfeel's positions) is 100% protected against malware.

2 - Distasteful ads and dishonest ads

  • To limit the threat of unwanted ads in the ad spaces they manage, Marfeel only works with the most trusted and top-performing demand providers (ad servers and Supply-side Platforms or SSPs). Each provider has its own ad quality team putting in place strategies and tactics to detect and prevent low-quality ads from being served. For example, one of Marfeel's biggest partners, Google Ad Exchange, has proprietary technology and malware detection tools to check creatives that are served through their marketplace, and also has a dedicated Anti-Malvertising team.
  • Since we are working with a large number of publishers, every time a distasteful or dishonest ad is reported by one of our publishers, we block the advertiser through all our accounts with the demand providers that we work with. This results in the blocking of that ad across all our network, preventing the appearance of this ad on the rest of the sites.

3 - Ads from competitors

If the publisher provides us with the specific URLs of competitors, our ad quality team will take care of blocking these URLs in all demand providers.

How to treat low-quality ads

Marfeel detected cases

At Marfeel we have a dedicated ad quality team that reviews the ads being shown in our publisher network several times a day. When Marfeel detects a low-quality ad, they automatically ban the advertiser and buyer accounts on Marfeel's demand-side. After the buyer and advertiser have been fully banned, Marfeel contacts and reports the issue to the demand provider.

How to report an unwanted ad:

If a publisher detects an unwanted ad on their mobile site, they should send an email to success@marfeel.com with the advertiser destination URL, a screenshot and a clickstring.

How to capture clickstring from a computer:

Right-click on the ad and choose Copy Link Address (Chrome) or Copy Shortcut (Internet Explorer).

How to capture a clickstring from a mobile device:

Disconnect from any internet or cellular service, then click or tap the ad. The ad will attempt to open in a browser window, but because there's no service it will not load. However, the clickstring will be exposed in the URL. 

With the destination URL, a screenshot and a clickstring, Marfeel can block the advertiser and buyer on the demand-side. Once both have been fully blocked, Marfeel reports the issue to the corresponding advertising partner so they can find the source of the creative and work on blocking the buyer from the market.