Key Takeaways

• An unauthorized seller is any entity selling a publisher's inventory without being listed in the publisher's ads.txt file. It's a technical status, not necessarily a moral judgment.
• Unauthorized sellers fall into two categories: legitimate partners with missing ads.txt entries and actual bad actors. The first is a publisher oversight. The second is fraud.
• DSPs treat all unauthorized sellers the same way: with reduced trust or outright rejection. Whether the omission is accidental or malicious, the revenue impact is the same.
• Publishers create unauthorized sellers by not maintaining ads.txt. Every SSP or reseller you work with but don't list in ads.txt is technically unauthorized.
• Fixing unauthorized seller issues is straightforward but requires attention. Add missing entries, remove bad actors, and monitor for new unauthorized activity.

---

What "Unauthorized Seller" Really Means

In programmatic advertising, "unauthorized seller" has a specific technical definition.

It means an entity that's selling (or claiming to sell) a publisher's inventory but doesn't appear in the publisher's ads.txt file.

The term sounds alarming, and sometimes it should be. Domain spoofing and unauthorized reselling are real threats. But in many cases, "unauthorized seller" is simply a legitimate SSP or reseller that the publisher forgot to add to ads.txt, or an account ID that was entered incorrectly.

The distinction matters for how you respond. But it doesn't matter for the revenue impact. Whether the unauthorized status is accidental or malicious, DSPs see the same red flag and respond the same way.

The Technical Definition

The ads.txt standard defines authorized sellers as entities explicitly listed in a publisher's ads.txt file. Any entity attempting to sell that publisher's inventory that isn't listed is, by definition, unauthorized.

When a DSP receives a bid request claiming to be inventory from publisher.com through SSP-X account 12345, it checks publisher.com/ads.txt. If SSP-X with account 12345 isn't listed, the seller is unauthorized.

The DSP doesn't know why the entry is missing. Could be fraud. Could be an oversight. Could be a new partnership where the publisher hasn't updated ads.txt yet. The DSP only knows the authorization check failed.

Why Unauthorized Sellers Exist

Legitimate Causes

New SSP partnerships. A publisher signs up with a new SSP and starts serving ads but hasn't added the SSP to ads.txt yet. The ads are serving, the SSP is running auctions, but from the DSP's perspective, the supply is unauthorized.

Account ID changes. The SSP migrates to a new platform and changes account IDs. The publisher's ads.txt still has the old ID. The new ID is technically unauthorized even though the relationship is the same.

Reseller chains. A publisher lists SSP-A in ads.txt as a direct partner. SSP-A resells the inventory to Exchange-B. If the publisher doesn't also list Exchange-B as a reseller in ads.txt, Exchange-B is an unauthorized seller of that inventory.

Typos and formatting errors. An extra space, a wrong digit, or a misspelled domain in ads.txt means the entry doesn't match what the SSP reports. The SSP is effectively unauthorized because of a data entry error.

Forgotten updates. A publisher added entries when they first set up ads.txt but hasn't updated it since. New SSPs, account restructurings, and partner changes have made the file outdated.

Malicious Causes

Domain spoofing. A bad actor claims to sell inventory from a premium publisher's domain. They create fake bid requests that appear to come from the publisher. If the publisher has ads.txt, DSPs can detect this because the bad actor's SSP and account aren't listed.

Unauthorized reselling. An intermediary obtains a publisher's inventory (through a legitimate SSP) and resells it through channels the publisher didn't authorize. The impressions are real, but the resale path isn't in ads.txt.

Account hijacking. A bad actor gains access to a legitimate SSP account and uses it to sell inventory the publisher didn't authorize. The SSP and account might be in ads.txt, but the entity controlling the account isn't the authorized seller.

How DSPs Handle Unauthorized Sellers

Strict Enforcement

The majority of major DSPs now enforce ads.txt strictly. When a bid request arrives from an unauthorized seller, these DSPs either:

• Reject the bid entirely. The bid opportunity is discarded without placing a bid.
• Flag and exclude. The bid opportunity is logged as unauthorized and excluded from all campaigns.

For publishers, strict enforcement means zero demand from these DSPs on unauthorized supply paths.

Partial Enforcement

Some DSPs apply a middle ground:

• Bid with heavy discount. The DSP bids on the impression but at a way reduced price that accounts for the authorization risk.
• Restrict to specific campaigns. The unauthorized supply is only eligible for campaigns with lower quality requirements or broader targeting.

No Enforcement

A declining number of DSPs don't check ads.txt at all or only check it for specific campaign types. These DSPs bid normally on unauthorized supply.

This group is shrinking as industry transparency requirements tighten.

The Revenue Impact

The revenue impact of unauthorized sellers depends on which category applies:

Legitimate partner missing from ads.txt: You lose premium demand from every DSP that enforces ads.txt on that supply path. The SSP still sells your inventory, but to fewer bidders at lower prices. Fix: add the entry to ads.txt.

Reseller you didn't know about: If one of your SSPs resells your inventory through channels not in your ads.txt, those channels are unauthorized. The resold inventory gets lower CPMs. Fix: decide whether to authorize the reseller (add to ads.txt) or ask the SSP to stop reselling.

Actual fraud: Bad actors selling fake or unauthorized versions of your inventory. This can damage your domain's reputation with DSPs if the fraud is widespread enough. Fix: ensure ads.txt is complete so DSPs can identify and block the unauthorized sellers.

How to Detect Unauthorized Sellers

Check Your Own Setup

The simplest unauthorized seller check: is every SSP and reseller you work with listed correctly in ads.txt?

1. Get a list of all SSPs you send ad requests to
2. Get a list of all resellers your SSPs work with on your behalf
3. Compare both lists against your ads.txt
4. Any SSP or reseller missing from ads.txt is technically an unauthorized seller

Monitor for External Unauthorized Activity

Detecting unauthorized sellers you don't know about is harder:

• SSP transparency reports. Some SSPs provide reports showing where your inventory is being sold. Compare this against your authorized seller list.
• Supply chain monitoring tools. BeamFlow's scanner cross-verifies your ads.txt against the broader ecosystem to identify potential unauthorized sellers.
• DSP feedback. If you have relationships with DSPs or agencies, they may flag unauthorized sellers they detect when buying your inventory.

Watch for Red Flags

• Revenue from an SSP you don't have a direct relationship with
• Bid requests or impressions originating from unexpected sources
• SSPs contacting you about account issues you don't recognize
• Unusual traffic patterns or sudden changes in supply path metrics

How to Fix Unauthorized Seller Issues

For Legitimate Partners

Add the missing entry. Update ads.txt with the correct SSP domain, account ID, and relationship type. The entry should be active within 24-72 hours as DSPs refresh their ads.txt cache.

Verify the entry. After adding, check that the entry matches the SSP's sellers.json data. An authorized seller with a sellers.json mismatch is only partially fixed.

For Unwanted Resellers

Contact your SSP. If an SSP is reselling your inventory without your knowledge, contact them to understand the arrangement and decide whether to authorize or prohibit it.

Decide and document. If the reseller adds meaningful demand, add them to ads.txt. If not, ask the SSP to stop the reselling arrangement.

For Fraud

Ensure ads.txt is complete and accurate. A complete ads.txt file is the primary defense against domain spoofing. When all legitimate sellers are listed, DSPs can reject everything else.

Report to SSPs. If you identify specific unauthorized sellers, report them to the SSPs involved. SSPs can take action against accounts misusing their platform.

Monitor regularly. Fraud patterns change. New unauthorized sellers can appear at any time. Regular monitoring catches new activity before it causes big damage.

Frequently Asked Questions

Is every unauthorized seller a fraud risk?

No. Many unauthorized sellers are legitimate partners with missing ads.txt entries. But all unauthorized sellers (legitimate or not) reduce your CPMs because DSPs can't verify the authorization. Fix legitimate omissions. Investigate unknown entities.

How long does it take for a new ads.txt entry to take effect?

Most DSPs cache ads.txt data and refresh every 24-72 hours. After adding a missing entry, expect the authorization to be recognized within one to three days. Some DSPs refresh faster; a few take up to a week.

Should I add entries for every reseller my SSPs use?

It depends on your approach. Some publishers list only direct SSP relationships and leave reseller management to the SSPs. Others list all known resellers for maximum transparency. The more complete your ads.txt, the more supply paths are authorized and verified. The trade-off is maintaining a bigger, more complex file.