The way the link between companies and spammers usually works is that the spammer is contracted at arms length as an 'affiliate' and is paid per lead. The company will try to be willfully ignorant of the tactics being used so they can claim that they just have an affiliate program and they don't know how the traffic is generated.
Edit: To clarify, I'm not saying that this is what Airbnb did. In fact the original post said the emails had clean urls without referral IDs. To me that suggests a sloppy internal campaign with no metrics.
yeah, any company caught doing something like this would likely respond pretty much just like this, intentional or not.
rogue contractors or unauthorized employees, they were acting without the knowledge/consent of higher ups, they've since been fired or contracts terminated, etc..
Your description presumes too much that the company intends the result. It is true that there are some willfully ignorant companies. However companies that try to have good affiliate programs often find those programs difficult to police.
Until you have specific evidence otherwise in any particular case, it is best not to be too fast to ascribe to malice. (Of course that benefit of the doubt is exactly what unethical companies are hoping to take advantage of.)
Edit: To clarify, I'm not saying that this is what Airbnb did. In fact the original post said the emails had clean urls without referral IDs. To me that suggests a sloppy internal campaign with no metrics.