The Cookie Bomb Time Bomb: Finding Fault With the Last-Click Attribution Model


It’s a common trend among affiliate marketing companies and those who provide services to help drive online conversions: Cookie-bombing is on the rise. It has several permutations and manifestations, but all scenarios point to the concept of gaming the ad delivery system by driving up the number of ad impressions as cheaply as possible, regardless of targeting, content or frequency.

The idea behind cookie-bombing is to focus on quantity over quality, to really scatter-shot ad delivery across the Internet in high volumes in order to drive impressions and conversions. An example of this would be serving large volumes of the same ad to every user they can find in a hardly visible ad unit buried at the bottom of a page.

The fact that these ads tend to appear on lo-quality sites that serve several ads on long pages makes cookie-bombing so difficult to identify and sequester. Ultimately, it has a deleterious affect on the validity of campaign metrics when paired with a las- touch attribution model.

I sat down with to Mike Leo, CEO of Operative to discuss this issue. According the Leo, “the ‘spray and pray’ strategy agencies and networks adopt (aka cookie bombing) shamefully takes advantage of the faulty ‘last touch’ attribution model under the guise of producing high baseline conversions with low-cost impressions. Cookie bombing wreaks of poorly incentivized behavior and ultimately, it is the advertisers who fall victim to misrepresented performance results and a diluted brand. Meanwhile, other top-of-the-funnel tactics get sidelined because their performance doesn’t appear to stack up.”

For those sketchy affiliate marketing programs that only look at the last click when assigning conversion credit, many may use cookie-bombing to drive impressions, thereby altering the ad landscape and baseline for CPM and campaign optimization. In many cases, you can see this as affiliates getting credit and commission where they normally would not.

Clearly, cookie-bombing tactics can have a negative impact on brand reputation and relevance. Ever see those grossly inappropriate ads that have nothing to do with page content, like a feminine-products ad on a tool and hardware site? While it may make you chuckle, you realize that the advertiser would be pretty unhappy to see their brand positioned this way across the web.

One company called GeoEdge provides brands and agencies with a real-time view of how their ads are displaying visually on any page in any country around the world. This is needed because page localization can sometimes alter page content across geo-locations, and advertisers certainly want to see exactly how their ads appear to their customers, as well as the context within the page.

Cookie-Bombing vs. Cookie-Stuffing

Cookie-bombing should not be confused with the concept of cookie-stuffing, a known issue that online multi-attribution company Convertro recently published a white paper about, revealing some of the industry’s worst offenders. In a May post, Ben Edelman of Harvard Business School described cookie stuffing as affiliates that “deposit cookies invisibly and unrequested — knowing that a portion of users will make purchases from large merchants in the subsequent days and weeks. This tactic is particularly effective in defrauding large merchants: the more popular a merchant becomes, the more users will happen to buy from that merchant within a given referral period.”

This act would unnaturally assign conversion credit to these third-party affiliates, who would then receive a commission for the sale.

“Cookie tampering is a serious issue in online marketing that needs to be addressed,” said Jeff Zwelling, CEO of Convertro. “Web browser toolbars, coupon loyalty sites and malware are also known methods by which most people cookie-bomb, and brands need to be aware of this issue facing our industry.”

Leo from Operative offered a couple of possible solutions.

“There are two ways we as an industry can deal with cookie bombing: The first is through a better multi-touch attribution model, and the second by embracing viewable impressions versus non-viewable impressions,” he said. “The first addresses the false prophecy that the last impression wins, ensuring other tactics get equal credit for influencing a conversion. And the second, adopting viewable impressions, not only ensures marketing dollars are not wasted on unseen ads, but more importantly, that the bad actors don’t get compensated for delivering unicorns.”


  1. While I don’t believe that willful cookie bombing is a widespread policy of most ad Networks, it only takes a few bad actors to wreak havoc. As long as there is money to be made in any industry, there will always be fraud and deceptive practices at play to game the system.

    At Tru-Signal, we develop highly customized audiences for each client and market to their best prospects. We carefully manage frequency caps and calculate the point of diminishing returns (so as not to damage the brand). That number seems to be around 8-10x per 30 days.

    Sometime we even have to turn away business, because of the attribution methodology they have (or don’t have) in place. Other times, we can help illustrate the problem through analytics. According to Forrester Research, close to 70% of marketers either use last click or NO attribution method whatsoever to assign credit.

    If the 70% number is to be believed, we definitely have a long way to go as an industry. Countless client studies we have conducted show that display is excellent at influencing users early in the consideration phase, but a marketer needs to have the right attribution tools in place or they are opening themselves up to a massive fraud opportunity.

    The fraudsters are here to stay, we just need better tools to combat them and protect our clients’ brands!

  2. […] The Cookie Bomb Time Bomb: Finding Fault With the Last-Click Attribution Model This is needed because page localization can sometimes alter page content across geo-locations, and advertisers certainly want to see exactly how their ads appear to their customers, as well as the context within the page. Cookie-Bombing vs. Cookie- … Read more on ADOTAS […]

  3. Let me be brutally honest. From where I sit all the successful Adnets and now ATD’s are involved in massive Cookie Bombing campaigns. Those that do not use this strategy don’t stay on agency media plans.

    The challenge is using the current PI attribution model – without getting the last cookie on a user – you are not going to get credit for conversions you actually created and you are not going to get a renewal.

    If you visit or most any entertainment site and scroll 6 – 12 pages BTF with Ghostery you will see all the usual suspects.

    Until we have the plumbing to action viewable impressions I don’t see this changing anytime soon. Re-Marketing and Cookie Bombing go together like Peanut Butter and Jelly to maximize conversions with the current attribution scheme.


Please enter your comment!
Please enter your name here