How to Audit Suspicious Streaming Traffic
Audit suspicious streaming traffic by freezing an exact UTC window, track, release, and baseline, then exporting streams, listeners, streams per listener, followers, source mix, playlists, and countries. Join those records to ads, tagged links, creators, press, radio, live events, vendors, and notices. Classify the event as expected, unexplained, suspicious, or platform-confirmed without inventing a fraud threshold.
Lead visual
Safe music promotion map
Context
Promotion · Safety
What this guide is helping you understand.
Decision
Audit suspicious streaming traffic
The practical choice or setup step to get right.
Next
Action
What to check before you move the release forward.
Promotion · Safety
Ratio system map
Decision
Match the numerator and denominator before interpreting depth or listener action.
Evidence
Song, release age, dates, territory, source filter, unique listeners, streams, saves, and playlist adds.
Risk
Mixed scopes can create a precise percentage that compares different audiences or reporting windows.
Good outcome
A reproducible ratio that can be read beside reach and source mix without becoming a false benchmark.
Key takeaways
- Freeze the first observed state before public counts, playlists, campaigns, or private dashboards change.
- Use the recording's own comparable history instead of a universal industry benchmark or detector score.
- Separate active and programmed sources, then join each change to countries, playlists, listeners, and events.
- Record observed facts, calculations, vendor claims, platform notices, conclusions, and unknowns as different fields.
- End the audit with a classification, containment decision, reporting owner, monitoring window, and next review date.
How should a suspicious-traffic audit proceed?
Traffic forensic loop
Eight passes from snapshot to decision
- 01
Pass 1
Snapshot
Save page, track, release, public count, message, date, UTC range, filters, screenshots, exports, and observer.
- 02
Pass 2
Scope
Identify affected recording, version, ISRC, release, territory, source, playlist, listener, follower, and account boundary.
- 03
Pass 3
Baseline
Choose matching prior windows and catalogue comparators with similar release age, campaign state, territory, and source context.
- 04
Pass 4
Calculate
Record transparent changes in streams, listeners, repeats, followers, source share, country share, duration, and concentration.
- 05
Pass 5
Join
Match ads, links, posts, creators, press, radio, shows, playlists, vendors, payments, reports, and access to the same window.
- 06
Pass 6
Challenge
Test legitimate explanations, missing evidence, time-zone differences, reporting lag, aggregation, and alternative sources.
- 07
Pass 7
Classify
Use expected, unexplained, suspicious, or platform-confirmed and write the evidence supporting and limiting that state.
- 08
Pass 8
Act
Assign containment, vendor, distributor, Spotify report, legal, finance, communications, monitoring, and closure decisions.
Which fields make the traffic audit reproducible?
Forensic evidence record
Ten fields to save with every event
Identity
Artist, track, version, ISRC, release, UPC, Spotify URI, distributor release ID, and account.
Keeps catalogue versions and notices attached to the correct asset.
Scope
First observed time, UTC dates, comparison dates, metric, territory, source, playlist, device if known, and filters.
Allows another reviewer to reproduce the view.
Baseline
Ordinary range, equal prior period, release stage, campaign state, weekday, comparator, exclusions, and rationale.
Shows whether the event differs from a relevant history rather than a chosen outlier.
Audience
Streams, listeners, streams per listener, followers, saves or playlist adds where available, and public count.
Separates reach, repetition, fan action, and listener-facing correction.
Source
Active and programmed breakdown, artist profile, library, queue, editorial, personalized, autoplay, other playlists, and Other.
Locates where the observed listening entered the system.
Playlist
URI, owner, description, follower display, track position, first seen, listener contribution, payment, outreach, and screenshots.
Connects playlist evidence without assuming the curator caused the traffic.
Territory
Top and new countries or cities, share change, known fan base, targeting, media, creator, radio, show, and time-zone context.
Tests whether location movement has a documented audience path.
Campaign
Account, vendor, dates, targeting, creative, spend, delivery, clicks, tagged links, landing pages, posts, contacts, and exports.
Replaces a campaign name with evidence of what actually ran.
Notice
Platform or distributor sender, affected period, finding, action, amount, deadline, evidence request, route, case, and result.
Separates official confirmation from artist analysis.
Decision
Classification, confidence, unknowns, containment, report, owner, due date, monitoring, advice, outcome, and closure.
Turns the audit into accountable action and a future baseline.
How should common traffic patterns change the next check?
| Next evidence to collect | Conclusion to avoid | |
|---|---|---|
| Streams rise, listeners do not | Repetition, source, playlist, track length, fan behavior, programmed use, campaign, territory, and duration | High streams per listener proves automation |
| New country concentration | Ad targeting, creator posts, playlist listeners, radio, press, live events, fan links, source mix, and prior country history | Listeners in an unexpected country are fake |
| Other source grows | Exact dates, release and audience views, playlist data, links, embeds, external activity, provider records, and reporting limitations | The Other category is artificial by definition |
| Followers spike then fall | Follower dates, listeners, saves, social and email growth, campaigns, contests, platform notices, and repeated patterns | Every short-lived follower change came from a paid playlist |
| Public and private counts differ | Public count captures, private dashboard, Spotify message, distributor statements, royalty report, notice period, and refresh dates | The private dashboard is the final payable stream total |
An audit can remain unresolved
Missing playlist visibility, private detection methods, delayed statements, or incomplete vendor records may prevent a final explanation. Preserve the unresolved state, contain controllable risk, report supported facts, and schedule another review instead of manufacturing certainty.
keep track, ISRC, release, and platform identity aligned in the case file
Which official analytics sources support the audit?
Frequently asked questions
What data should I export after a suspicious stream spike?+
Save the track and release identifiers, exact UTC date range, streams, listeners, streams per listener, followers, source-of-streams breakdown, top playlists, countries, and any Spotify for Artists discrepancy message. Capture public counts too. Add ad delivery, tagged-link data, creator posts, press, radio, live events, vendor reports, invoices, placement records, communications, distributor statements, and platform notices for the same period.
How far back should I compare suspicious traffic?+
Use a comparable baseline long enough to show ordinary variation for that recording, release stage, weekday pattern, territory, and campaign state. Also compare the immediately preceding equal-length window and any prior similar event. Do not use the artist's biggest track or lifetime average by default. Record why the baseline belongs and preserve each selected date range and filter.
Which Spotify source-of-streams categories matter?+
Spotify divides sources into active and programmed listening. Active sources include artist profile and catalogue, a listener's own playlists and library, and queue. Programmed sources include editorial playlists, personalized systems and autoplay, and other listeners' playlists. Compare the source that moved with track, listeners, countries, playlists, and campaign evidence. A surprising category is a lead, not a verdict.
Can I calculate a bot score from Spotify for Artists?+
No reliable public formula can reproduce Spotify's proprietary detection. You can calculate transparent observations such as percent change, source share, country share, streams per listener, follower change, duration, and concentration. Use them to prioritize evidence collection and monitoring. Do not publish a universal pass or fail threshold, label traffic artificial, or teach manipulation based on those ratios.
What if the spike came from a legitimate campaign?+
Document the causal candidate without overstating causation. Match the campaign's actual dates, territories, delivery, clicks, content, placements, referral links, and audience to the listening change. Preserve account-level evidence rather than a provider summary. Classify the event as expected only when the explanation fits the observed scope. Keep monitoring because legitimate promotion can coincide with unrelated suspicious activity.

Get better release strategy in your inbox
Release planning checklists, royalty explainers, and artist strategy notes from Velveteen. No daily noise.
Was this useful? Send a signal or flag a correction.
Keep reading
Pillar guide
Safe music promotion and streaming fraud
An eight-gate promotion safety chain joining provider diligence, written scope, artist-controlled accounts, traffic baselines, anomaly diagnosis, containment, official reporting, and measured follow-up.
Related guide
Fake playlist warning signs
A ten-signal playlist diagnostic separating expected, unexplained, suspicious, and platform-confirmed activity while preserving Spotify, campaign, vendor, playlist, and notice evidence.
Related guide
Source of streams explained
A six-family diagnostic for where Spotify listening starts and whether programmed discovery is turning into intentional catalog listening.
Check your metadata before your distributor does
Run your titles, credits, copyright lines, and ISRC and UPC codes through the free checker and catch the rejection-bait errors before you upload. It all runs in your browser.