What is Ads.txt?

Ads.txt (Authorized Digital Sellers) is an industry initiative designed to combat ad fraud in programmatic advertising. Introduced in 2017, this simple text file allows publishers to publicly declare which companies are authorized to sell their digital advertising inventory.

The ads.txt file is placed in the root domain of a publisher's website (e.g., https://example.com/ads.txt) and lists authorized sellers, resellers, and their account IDs. This transparency helps advertisers verify they're buying genuine inventory directly from legitimate sources.

Why Ads.txt Matters for Publishers

Publishers face significant revenue losses from unauthorized inventory sales and ad fraud. According to research from the Association of National Advertisers, ad fraud costs the digital advertising industry billions of dollars annually. Ads.txt provides a straightforward solution to several critical challenges that have plagued programmatic advertising since its inception.

Protection Against Domain Spoofing

Domain spoofing represents one of the most pernicious forms of ad fraud. Malicious actors impersonate legitimate publisher domains, selling fraudulent inventory to unsuspecting advertisers at premium rates. By publicly declaring authorized sellers through ads.txt, publishers create a verifiable chain of trust that makes domain spoofing immediately detectable. When advertisers cross-reference bid requests against published ads.txt files, any unauthorized seller claiming to represent a domain is instantly flagged and rejected.

Revenue Protection and Supply Chain Transparency

The complexity of programmatic supply chains creates opportunities for unauthorized arbitrage. When advertising spend flows through multiple intermediaries, publishers often lose visibility into who is selling their inventory and at what price. Ads.txt restores transparency by requiring publishers to explicitly authorize each participant in their supply chain. This ensures that advertising budgets intended for specific publishers actually reach them, rather than being siphoned off by unauthorized resellers operating in the shadows.

Market Adoption and Ecosystem Benefits

Major advertising platforms including Google Ad Manager, The Trade Desk, and Amazon Advertising have integrated ads.txt verification into their buying processes. Many demand side platforms now prioritize or exclusively purchase inventory from publishers with properly configured ads.txt files. This widespread adoption has created a network effect: as more publishers implement ads.txt, advertisers gain confidence in the ecosystem, leading to increased programmatic demand and higher effective CPMs for compliant publishers. Conversely, publishers without ads.txt files face reduced demand, lower fill rates, and decreased revenue as sophisticated buyers filter out unverified inventory.

How Ads.txt Works

The ads.txt mechanism operates through a straightforward verification process that runs automatically across the programmatic advertising ecosystem. Understanding this process helps publishers appreciate both the elegance of the solution and its limitations.

The Verification Workflow

Publishers begin by creating a plaintext file that lists all authorized sellers, including their domain, account ID, relationship type (DIRECT or RESELLER), and optionally a certification authority identifier. This file is uploaded to the root of the publisher's domain, making it publicly accessible at a predictable URL (e.g., nytimes.com/ads.txt). The simplicity of this approach is intentional—it requires no complex infrastructure, works with any web server, and can be implemented by publishers of any size.

Ad exchanges, demand-side platforms, and verification services continuously crawl and index ads.txt files across the internet. These crawlers discover publisher websites, retrieve their ads.txt files, parse the entries, and maintain databases of authorized seller relationships. The frequency of crawling varies by platform, but major exchanges typically refresh their ads.txt databases daily or more frequently for high-volume publishers.

During real-time bidding, when a bid request arrives claiming to represent a specific publisher, buying platforms cross-reference the seller ID in the bid request against their cached copy of that publisher's ads.txt file. If the seller is authorized, the bid request proceeds normally. If the seller is not listed, the platform can reject the request, reduce its bid, or flag it for manual review. This verification happens in milliseconds, adding negligible latency to the bidding process while providing robust fraud protection.

Understanding the File Format

Each line in your ads.txt file represents one authorized advertising partner. The file is a simple text document that lists the domain of each partner, your account ID with them, and whether you work with them directly or through a reseller. Your advertising partners will provide you with the exact entries to include.

Implementing Ads.txt

Implementing ads.txt requires methodical attention to detail. While the concept is simple, proper execution demands coordination with advertising partners and careful file management.

Information Gathering

Begin by contacting each programmatic partner—including SSPs, ad exchanges, and header bidding vendors. Request the complete ads.txt entry for your account rather than attempting to construct it manually. Each partner should provide their canonical domain, your specific account identifier, the relationship type (DIRECT or RESELLER), and optionally their TAG certification ID. Maintain a spreadsheet tracking which partners have provided entries and when they were added to facilitate future audits.

File Creation and Deployment

Create a plaintext file named "ads.txt" (lowercase, no file extension beyond .txt). Add one entry per line, with each line containing a complete authorization declaration. Use comment lines (beginning with #) to document when entries were added, which team member added them, and any relevant context about the partnership. Upload this file to your website's root directory, ensuring it's accessible at https://yourdomain.com/ads.txt. The file must return HTTP status 200 and be served with content-type "text/plain" or "text/plain; charset=utf-8".

Verification and Ongoing Maintenance

Test accessibility by visiting the file in a web browser and verifying the content displays correctly. Use automated validation tools like ads-txt.ai to check for syntax errors, malformed entries, or HTTP configuration issues. Establish a monthly review process to add new partners as you onboard them and remove entries for terminated relationships. Many publishers discover unauthorized entries or outdated authorizations during regular audits, underscoring the importance of consistent maintenance.

Best Practices and Long-Term Management

Effective ads.txt management extends beyond initial deployment. Publishers who treat their ads.txt file as a living document rather than a one-time configuration task realize significantly better fraud protection and revenue outcomes.

Documentation and Version Control

Maintain comprehensive documentation within the file using comment lines. Record when each entry was added, which team member authorized it, the specific partnership agreement it represents, and any renewal or termination dates. Consider implementing version control using Git or similar systems to track all changes over time. This creates an audit trail that proves invaluable when investigating revenue discrepancies or responding to fraud incidents.

Security and Verification Protocols

Implement monitoring to detect unauthorized modifications to your ads.txt file. Some publishers discover that their files have been compromised weeks after the fact, during which time fraudsters sold inventory under their domain. Set up automated tools like ads-txt.ai to verify your file daily and alert you to unexpected changes. When receiving requests to add new entries, always verify them through established account manager relationships rather than responding to unsolicited emails—social engineering attacks targeting ads.txt files have become increasingly sophisticated.

Multi-Domain and Subdomain Considerations

Publishers operating multiple subdomains face additional complexity. You can either maintain separate ads.txt files for each subdomain or use the subdomain declaration feature to redirect verification to a master file. The latter approach simplifies management but requires careful implementation to avoid broken references. Whichever approach you choose, ensure consistency across all properties to prevent authorization gaps that fraudsters could exploit.

Common Implementation Errors

Despite its simplicity, ads.txt implementation is prone to several critical errors that can completely negate its protective benefits. Understanding these common mistakes helps publishers avoid costly configuration problems.

File Location and Accessibility

The ads.txt file must be accessible at the root of your domain (e.g., example.com/ads.txt), not in a subdirectory. Many publishers mistakenly place the file at example.com/resources/ads.txt or example.com/.well-known/ads.txt. Crawlers follow a strict specification and will not search for files in non-standard locations. Additionally, the file must be served with the correct HTTP status code (200) and content-type header (text/plain). Files served as text/html or with redirect chains may not be properly indexed.

Data Accuracy and Maintenance

Account ID accuracy is paramount—even a single character error renders an entry useless. When onboarding new advertising partners, request the complete ads.txt entry directly from your account manager rather than attempting to construct it manually. Equally important is maintaining current entries. Many publishers fail to remove entries when terminating partnerships, creating security vulnerabilities. Former partners listed in your ads.txt file retain authorization to sell your inventory indefinitely unless explicitly removed. Establish a quarterly review process to audit all entries against active partnerships.