To actually enforce the policy described in that link, would require authenticating websites when rendering ads. Otherwise, one could just embed an ad from a different domain, and easily defeat this process.
I'm not sure why the parent (throwaway2048) is getting downvoted over this. He's correct. The attack is as follows:
You want to attack (send fake traffic to) example.com, but example.com has implemented a captcha system (think cloudflare interstitial). If you directed your bots to visit example.com, they'd have to solve the captcha to view the ads. However, there's nothing stopping you from solving the captcha once, getting the page source, and serving that to your bots. This works because example.com doesn't serve any ads directly, it only embeds a <script> or <iframe> element to adsense. Since the bots are under your control, it's trivial to set up the redirection (eg. hosts file or HTTP proxy). HTTPS isn't a problem either because you can MITMing yourself with a self signed certificate, which is not a problem either as you can get your bots to trust that certificate.
From the perspective of the adsense script, it's impossible to tell whether the bot is visiting the real example.com or a fake version, since the browser is under the attacker's control. The only way to mitigate this attack would be some sort of one time use token that's generated server-side by example.com, and authenticated by adsense each time it tries to display an ad, which I doubt adsense supports.
