I have just received my second email, so I asked https://shadowserver.org to look into it for me.
They were pretty quick with the reply.
The report doesn't give a whole lot of identifying information, but rather only says "_spotify-connect._tcp.local.".
So, I can at least tell you that Spotify is the culprit, but I can't tell you /what/ device the Spotify service is running on.
Hope this helps,
So it's spotify, ironically spotify is run and partially owned by Daniel Ek. Who also ran Napster and μTorrent, so no surprise when I discovered that Spotify caches songs locally and also streams them to other users. It's partially decentralised. Hence port 5353 mDNS.