Silent Blocking: Why Fraudsters Should Never Know They Have Been Caught
You caught the bad traffic. A publisher was firing thousands of clicks from a single data-center IP range, and your fraud filter did exactly what you built it to do: it stopped the click cold with a hard 403. Blocked. Rejected. A tidy red error page.
And that is the moment you lost.
Because the fraudster on the other end of that request just learned something valuable. They learned exactly which of their techniques trips your defenses. They know the click failed, they know roughly why, and within an hour they will rotate the IP, swap the user agent, throttle the velocity, and try again. Every visible block is a free tuning signal. You are not stopping fraud so much as running a training academy for it.
The problem with a slammed door
Traditional fraud prevention treats blocking as a binary, loud event. The request is bad, so you kill it and tell everyone. It feels satisfying and decisive. It is also the single most counterproductive thing you can do against a motivated adversary.
Fraud at scale is iterative. The people generating fake clicks and manufactured conversions are not gambling on a single attempt — they are probing. A hard rejection is the cleanest possible feedback loop: try, observe failure, adjust, repeat. The faster and clearer your "no," the faster they converge on the exact configuration that slips through.
Think of it the way a good physician thinks about a course of treatment. You do not tell the infection you are treating it. You quietly deprive it of what it needs to spread and let it burn out without ever adapting to the pressure.
Silent blocking: redirect the visitor, drop the record
TrackingMD's fraud engine — internally we call it Guardian — takes the opposite approach by default. When a click crosses the risk threshold, the visitor's browser is still redirected to the advertiser's destination exactly as it would be for legitimate traffic. Same 302, same landing page, same experience. From the fraudster's vantage point, nothing happened. The link worked.
What changed is invisible to them: the click is never recorded as a valid, attributable event.
Here is the actual sequence inside the redirect handler:
- Every incoming click is scored by a stack of independent rules — IP blocklists, proxy and data-center detection, click velocity, geo-velocity, bot signatures, cookie-stuffing patterns, duplicate traffic, shared-identity signals, and more.
- The combined risk score maps to one of four actions: allow, monitor, flag, or block.
- When the action is block, Guardian's default behavior is silent redirect. The visitor is sent onward to the advertiser. No attribution cookie is set on their browser.
- The click is written to your records marked with an internal blocked flag — logged for your forensics, but excluded from the numbers your publisher gets paid on.
That last point is the whole game. The traffic is captured for your detection and investigation, but it earns the fraudster nothing. No cookie means no attribution window. And because the click carries the blocked marker, any conversion that later tries to claim it is rejected outright — the conversion endpoint refuses attribution the moment it sees the originating click was blocked at recording time.
Why "no cookie" is the quiet kill switch
A publisher only gets paid when a click leads to an attributed conversion. Attribution depends on the tracking cookie dropped at redirect time. By silently withholding that cookie on blocked traffic, Guardian severs the payout chain without ever raising an alarm.
The fraudster sees their visitor land on the offer. They see traffic flowing. What they cannot see is that none of it will ever convert in a way that pays out — and they get no error message explaining why. There is no signal to optimize against, because from the outside the campaign looks like it is simply underperforming, which is indistinguishable from ordinary bad luck.
That ambiguity is the point. Industry practitioners have long observed that sophisticated affiliate fraud adapts fastest when given precise failure signals. Denying the signal is worth more than denying the click.
Blocking modes, and when a hard 403 still makes sense
Silent redirect is the default, but it is a configurable posture, not a religion. Guardian supports a strict rejection mode that returns an outright 403 when you want it — useful for known-bad automated abuse where preserving your detection edge matters less than shedding the load, or for internal testing where you want the block to be observable.
| Silent redirect (default) | Hard reject | |
|---|---|---|
| Visitor experience | Lands on the offer normally | Sees an error / blocked response |
| Fraudster feedback | None — looks like success | Immediate, precise |
| Click recorded for your forensics | Yes, flagged as blocked | No |
| Attribution / payout | Severed silently (no cookie) | Severed loudly |
| Best for | The vast majority of suspected fraud | Known abuse, load shedding, testing |
For everyday program defense, silent wins almost every time. The moment you make blocking visible, you trade a durable, compounding detection advantage for the fleeting satisfaction of a red error page.
What this protects — and who it never touches
The quiet part matters most for the people who deserve it least of your suspicion: your legitimate publishers. Silent blocking operates click-by-click on risk signals. It does not blacklist a partner, freeze an account, or fire a confrontational notification over what might be a false positive. Good publishers sending clean traffic never feel a thing, because their clicks are never the ones being suppressed. There is no collateral damage from an overzealous, loudly-enforced rule.
Meanwhile you retain the full forensic trail. Every blocked click is still in your data, scored and flagged, feeding your dashboards, your outlier analysis, and your cross-account scans. You lose none of the visibility — you simply stop broadcasting that visibility to the person you are investigating.
The long game
Fraud prevention is not a wall you build once. It is an ongoing course of care for a program that will be probed for as long as it pays money out. The advertisers who stay ahead are not the ones with the loudest blocks — they are the ones whose defenses are invisible, whose detection quietly compounds while their adversaries burn cycles optimizing against a signal that never comes.
Keep the door open, keep the record, and keep the fraudster in the dark. The less they know about what you caught, the longer your edge lasts — and the more of your budget ends up rewarding the publishers who actually earned it.
See it in your own program
Start your free 7-day trial and put these ideas to work — no credit card required.
Start free trial