How to Increase Digital Advertising ROI by Killing Bad Bots


As any experienced digital marketer will tell you, the secret to a successful advertising campaign is simple: targeting. We all want to show the right message, with the right product, at the right time, to the right type of person and in the right channel.

In fact, “targeted advertising” is so fundamental in the digital space that we all simply call it “advertising”. That said, what happens when your “target audience” is infested with bots, competitors, and automated click farms that sip your precious advertising budget?

Below, I explain how to measure the impact of ad fraud (also known as invalid traffic) on your website, how to detect certain forms in real time, and how ad teams can use new methods to defend against and stop fraud. advertising in its tracks. .

How much “bought” traffic is actually bot traffic?

The first question we often ask ourselves is how much of my paid traffic is wasted. Unfortunately, the answer is not as simple as the vendors suggest, but we can get a good approximation through some simple segmentation techniques in Google Analytics.

Look at the engagement.

To start, we want to see the percentage of visitors engaged with the website. Engagement has a broad meaning here, with only the most capricious web visitors being excluded. For our use here, an engaged user is one who has a session duration of at least 10 seconds or who visits more than one page. Below are three examples of the segment applied to three different companies with decreasing levels of ad fraud.

This first example shows a small percentage of engaged users, suggesting that a large portion (~58%) of website visitors don’t actually show any signals of engagement. While it’s unfair to say that 58% of users are fraudulent, such a low engagement rate suggests an underlying problem: either website behavior, such as speed, and/or acquisition issues, like ad fraud.

This next website is smaller (much less paid media), but has a higher percentage of visitors who show engagement. This level of engagement is pretty much standard for an e-commerce website, with 60% engagement rates being the benchmark without enhanced protection methods.

Finally, this example shows a customer with a high engagement rate (90%) and illustrates the impact of active protection and advanced targeting.

This segment is most useful when viewed by channel, allowing ad teams to understand rate by differentiating traffic sources. For example, a client recently discovered that his affiliate campaigns had a significantly lower engagement rate than his Google Ads campaign. Once an ad fraud protection system was put in place, the two channels ended up within 10% of each other. This suggests that the discrepancy was largely due to fraudulent clicks from the affiliate channel.

The key to remember here is to estimate the level of wasted traffic by looking at engagement rates. Engagement rates below 60% often indicate either significant site speed issues leading visitors to simply abandon the website, tracking errors (less common, but possible), or a high rate of suspicious traffic and automated (robot traffic). This segment can also be run per channel, and given some knowledge of the cost per click on these channels, we can get an approximation of “ad waste” dollars.

For example, if the Facebook channel has an engagement rate of 35% with an average daily spend of $5,000, we can estimate our loss to fraud to be between $1,250 (assuming an engagement rate 60%) and $3,250 (assuming a 90% commitment rate). engagement rate). For mid-market e-commerce customers, we found that the average daily loss for Google Ads and Facebook was around $11,000.

Defend against ad fraud

The only way to defend against fraudulent ad clicks (and the drain on your media budget) is to stop serving ads to fraudulent users. Essentially, the secret to effectively combating ad fraud is targeting, or more specifically, “de-targeting.”

What is detargeting?

Scaling is the process of adding exclusion rules to your target audiences, i.e. the definitions you use to define who/what and when to show your product. Previously, the most common detargeting method was IP exclusion lists. Media agencies would create a set of known IP addresses where fraudulent clicks come from, including data centers, VPN providers, etc., and add them to their advertising platforms to ensure that at least some advertisements were available to be clicked. The problem is simply scale.

The largest IP exclusion available is on Google AdWords, but the limit is 500 IP addresses. Microsoft Bing is even smaller, with only 100 IP addresses available to add to detargeting. Finally, Facebook does not offer any de-targeting option by IP address. Setting aside the management overhead of maintaining “primary” IP addresses to exclude, the problem for online retailers is that the detargeting option is simply too small.

To add additional protection, media buyers can add other exclusions to their audiences. Common examples include exclusion by country, exclusion by browser (or restricting ads to only show on certain known browsers) or other custom exclusions based on more complex data attributes.

Edge Computing + Detargeting

With the rise of edge computing – where brands can change content actions on the fly in response to every browser request – a new dynamic scaling model has emerged. When combined with edge bot detection, modern online stores implement features such as “bot tagging” or “bot redirection”. The idea is quite simple. When a request comes to the website with all the telltale signs of a bad actor, simply redirect the request to a new subpath.

For example, if your site is and a request comes from a known bot or bad IP address, we simply redirect the browser to This allows tracking engines such as Google, Facebook and others to operate on the website, ensuring that every advertising platform you use today collects information about that user who visited the quarantined version of the website. Media buyers then add a one-time exclusion rule such as “exclude any visitor who has visited”. This effectively uses the retargeting power of ad platforms to automatically weed out bad actors.

And there you have it, how to deal with and eliminate bad bots by taking off intruders. Redirection is protection, especially when it comes to fraudulent traffic to your online store.

Jake Loveless is the CEO of borderthe global web acceleration company he co-founded with two partners in 2016.


About Author

Comments are closed.