Every time a bot farm generates a million fake streams, that money comes straight out of the pool that should pay artists with real listeners. The IFPI estimates that streaming fraud drains close to two billion dollars a year from global royalties, and the Music Fights Fraud Alliance estimates that nearly 10% of all streams are fraudulent.

limbo/ has joined the Music Fights Fraud Alliance, the global task force working to eradicate streaming fraud. This article explains how bot farms operate, why the traditional payout model rewards them, what Spotify, Apple Music, Deezer and Merlin are doing about it, and how to protect your catalog, with a practical list of what to do and what to avoid as an independent artist.

What streaming fraud is and how it works

Artificial streaming is plays generated by bots, scripts or device farms instead of human listeners. Also called stream manipulation, it uses fake plays, likes and playlist placements to inflate numbers for money or notoriety.

It works because platforms split royalties by total stream volume. Every fraudulent stream diverts money from the shared pool, so when a bad actor manufactures millions of fake plays, they capture a slice of the money that should go to artists with real audiences. Platforms have hardened their stance: Spotify, Apple Music and Deezer now penalize ambient filler and very short tracks, fight bot farms with detection and fines, and require a minimum number of plays before a stream earns.

How bot farms and artificial streaming operate

Fraud has gone from cottage industry to industrial infrastructure. Knowing the methods helps you spot warning signs in your own catalog.

Device farms. Warehouses of hundreds or thousands of real smartphones looping tracks around the clock, using stolen or bought premium accounts. Expensive, but hard to detect because it mimics real users on legitimate devices.

Scripts and emulators. Software that simulates users in browsers or mobile emulators is cheaper and more scalable. Scripts rotate IP addresses, vary listening patterns and run from cloud servers. Detection has improved, but fraud operators keep updating their techniques.

Premium accounts at scale. A black market in premium credentials multiplies the value of each fake stream, because a premium play earns more than an ad-supported one. Operators buy stolen credentials or open accounts with fraudulent cards to maximize the return on each artificial play.

Why the pro-rata model rewards fraud and junk content

The traditional payout model, pro-rata, pools all subscription money and splits it by each track’s share of total streams. If a platform collects 100 million in a month and your catalog is 0.001% of streams, you get a thousand.

The flaw: it rewards volume over quality. A thirty-second white-noise track looping while someone sleeps earns the same per stream as a song a fan searched for and played in full.

Model	How it splits	Main problem
Traditional pro-rata	By share of total streams	Rewards volume over quality
Artist-centric	By unique listeners and engagement	Penalizes functional content

Mass AI-generated tracks, rain sounds and functional content capture streams with no real engagement, diluting the royalties of artists with genuine audiences.

The artist-centric model from Universal and Deezer

Universal Music and Deezer pushed a shift in how royalties are split. The artist-centric model aims to send each subscriber’s money mainly to the artists that listener actually plays and values, not to whoever piles up the most total streams.

Minimum thresholds. Tracks must reach a minimum of unique annual listeners to earn, which strips out the noise from massive catalogs with scattered streams. A track with a thousand streams from only ten unique listeners probably will not clear the bar.

Double weighting for professional artists. Streams from real engagement count for more. When a user searches for an artist, saves their songs or adds them to personal playlists, those streams get weighted up. The system separates intentional listening from passive playback.

Demonetizing functional noise. Rain sounds, white noise and short meditation tracks fall out of the pool or earn less. Deezer led here, and other platforms are weighing similar moves. The goal is for the money to flow toward music listeners actively choose.

What Spotify, Apple Music, Deezer and Merlin are doing

Platforms have moved from passive detection to active penalties. In some cases fraud has become a criminal matter, with arrests and convictions.

Spotify discounts suspicious streams from royalty reports and charges labels or distributors when it detects manipulation in their catalog, working with fraud-detection specialists such as Beatdapp and Pex to identify non-human listening patterns. If your distributor delivers content with artificial streams, you can face direct financial penalties.

Merlin, which represents independent labels in DSP negotiations, requires members to validate content and can remove catalogs with a fraud history. limbo/ is a Merlin member and validates every release against integrity policies before delivery.

Apple Music and other DSPs use machine learning to flag anomalies:

Inconsistent geolocation: streams from countries where you have no active promotion.
Impossible listening hours: plays concentrated when human activity is minimal.
Repeated devices: the same hardware generating streams for many accounts.

When the algorithm flags anomalies, it can withhold royalties, remove streams from the count, or suspend distribution of specific tracks.

The Music Fights Fraud Alliance, and why limbo/ joined

In 2023 the industry admitted that fighting fraud in silos was not working. Isolated efforts let fraud thrive while it harmed artists, fans and the whole ecosystem. The Music Fights Fraud Alliance was formed to unite rights holders, platforms and distributors in a coordinated fight. It is now more than 20 members strong, and it estimates that roughly 10% of all streams are fraudulent, hundreds of millions in lost royalties a year.

The Alliance works with the National Cyber-Forensics and Training Alliance (NCFTA), a nonprofit partnership between private organizations, government and academia, to share data across platforms and disrupt fraud, producing intelligence reports that feed prevention. Its work runs through four member-led task forces: Detect, Prevent, Mitigate and Enforce.

limbo/ is a member of the Music Fights Fraud Alliance. For us this is not a badge, it is the point: protecting the value of independent human music means actively keeping fraud out of the catalogs we deliver, not just hoping the platforms catch it downstream.

How fraud hurts real independent artists

The damage goes beyond direct losses. Artists who never touch manipulation still pay for it:

Diluted royalties: every fake stream lowers the value of real ones, because the shared pool is split across more plays.
Distorted metrics: charts and audience data lose reliability, which muddies A&R, booking and sync decisions.
Reputational risk: being associated with fraudulent playlists or distributors can damage your relationships with DSPs and partners.

An independent artist with a hundred thousand legitimate monthly streams could be losing 10 to 20% of their potential royalties to systemic fraud across the industry.

How to detect and prevent artificial streaming in your catalog

Prevention starts before delivery and continues with constant monitoring.

Pre-delivery validation with acoustic fingerprinting. Fingerprinting before you send to DSPs catches duplicates, stolen content and undeclared AI tracks. limbo/Agent Quality Control runs this automatically against Merlin and major-DSP policies, catching problems before they become takedowns or penalties. The same acoustic fingerprinting underpins YouTube Content ID.
Daily monitoring of spikes and anomalies by DSP. Analytics with automatic alerts flag when a territory or DSP grows abnormally. A sudden spike from a country where you have no promotion is a red flag. limbo/Analytics includes fraud detection and an AI trend engine over daily per-DSP, per-territory data.
Line-by-line royalty reporting by DSP and territory. Without granular visibility you cannot spot suspicious income. If you only see aggregated totals, you cannot tell that 80% of a track’s streams come from a single country with irregular patterns. limbo/Royalties breaks it down to every cent, every DSP, every territory. No black boxes.
AI-content disclosure in DDEX metadata. AI-disclosure fields are now part of DDEX ERN 4.x to comply with Spotify, Apple and other policies. If your music uses AI-generated vocals or instruments, declaring it correctly avoids penalties. limbo/API exposes the fields so you can automate compliance from your own system.

What to do, and what to avoid, as an independent artist

Most fraud is not malicious on the artist’s side. It often happens when an artist falls for a scam or a predatory “promotion” service. The Music Fights Fraud Alliance’s guidance, in plain terms:

Do:

Use legitimate promotion. Work with reputable PR and marketing firms that have a track record and follow DSP guidelines.
Monitor your data. Check Spotify for Artists, Apple Music for Artists and your distributor’s analytics, and set alerts for sudden spikes in streams, followers or playlist adds.
Pitch to official editorial playlists through Spotify and Apple Music, not paid third-party curators.
Educate your team. Make sure your distributors, marketers and curators know the rules and avoid risky services.
Report suspicious activity. Flag dubious services and unusual spikes to your distributor or DSP.

Avoid:

“Pay-to-play” schemes that guarantee streams, playlist placements or followers. If it sounds too good to be true, it is.
Buying streams or bot-driven “growth” services, and paying for playlist placement.
Signing promotion contracts that promise “guaranteed streams.” Read the fine print.

If your music gets flagged: stay calm, because it may be external bots targeting you rather than anything you did. Read your distributor’s notice, review your data for the irregularity, and work with your distributor to appeal to the DSP with evidence of organic growth. Cut off any third-party service you suspect caused it.

The future of royalties and AI-generated music

More DSPs are weighing artist-centric or hybrid models that blend pro-rata with engagement weighting, separating active from passive listening and penalizing functional content and artificial volume. AI-content regulation is moving fast, and mandatory identification of synthetic content is likely to become an industry standard. Distributors that do not support AI-disclosure fields in their DDEX flows will fall out of compliance. Fraud is one of two forces squeezing independents in 2026; the other is major-label consolidation of the distribution infrastructure itself, like Warner acquiring Revelator.

Build a clean catalog with limbo/

Protecting against fraud takes infrastructure built for integrity from the first step. limbo/ is modular Music Blocks, and several of them exist to keep your catalog clean and your royalties protected:

limbo/Agent Quality Control: automatic validation against Merlin and DSP policies before every delivery.
limbo/Analytics: AI fraud and anomaly detection over daily per-DSP, per-territory data, by dashboard or API.
limbo/Royalties: line-by-line reporting with no middlemen, and private data that is never shared with majors or venture capital.
limbo/API: AI-disclosure fields and opt-in/opt-out for automated compliance under DDEX ERN 4.x.

As a Merlin member and a member of the Music Fights Fraud Alliance, keeping fraud out is part of how we work, not an afterthought. We do not publish rate cards, because the right setup depends on your catalog and goals. Start the conversation with limbo/.

Frequently asked questions

What is the minimum play length to count as a valid stream on Spotify? Spotify requires at least thirty seconds of playback for a stream to count and earn royalties. Shorter plays are not counted in the split.

Can a playlist with bots get my music removed from platforms? Yes. DSPs can pull tracks or penalize a distributor’s account when they detect artificial streams on a release, even if the artist never bought the fraudulent service.

Is AI-generated music banned on Spotify and Apple Music? No, but AI-generated music must be declared correctly in the metadata and comply with each platform’s policy on synthetic content. Failing to declare it can lead to takedowns or demonetization.

How do you declare that a track contains AI-generated vocals or instruments? Through specific AI-disclosure fields in the DDEX ERN 4.x standard. Your distributor has to support the fields and transmit them correctly to the DSPs at delivery.

What happens to a distributor that delivers music with artificial streams? DSPs can withhold royalties, charge penalties, suspend the distributor’s account or terminate the contract. The penalty affects every label and artist under that distributor, not just the problem catalog.