January 9, 2026
Outrage-bait in your inbox
Why is SendGrid emailing me about supporting ICE?
Hackers use fake “Support ICE” emails and the internet absolutely loses it
TLDR: Hackers are hijacking SendGrid accounts to send fake political emails like “Support ICE” and trick furious users into clicking malicious links. Commenters are split between calling out the clickbait framing, marveling at how politics is now a hacking weapon, and sharing horror stories of outrage-fueled inbox scams.
SendGrid users woke up thinking their email provider had suddenly slapped a giant “Support ICE” button onto every email they send. Cue instant rage… and then the plot twist: it’s all a phishing scam, and the comment section is having a field day calling out both the hackers and the headline. One of the top voices immediately yells “clickbait!” and rushes to calm everyone down: no, SendGrid the company hasn’t gone full immigration cop, but yes, its email pipes are being hijacked to blast out political bait.
Commenters are both horrified and impressed. One calls politics a “vector for contagion,” comparing outrage-filled emails to a flu season of bad ideas, while another just pictures some poor soul “furiously clicking the button in a rage.” Others chime in with war stories: getting two to three of these a day, hitting “report phishing” like it’s whack-a-mole, and watching them keep coming. A few security-minded folks try to explain the mess in simple terms: if the bad guys steal a customer’s login, they can send emails that look totally legit, even to Google. But the real drama is the realization that scammers are now weaponizing hot-button issues like LGBTQ+ rights, Black Lives Matter, and ICE just to get you to mash that fake “opt out” link. The tech is scary—but the manipulation is what really freaks everyone out.
Key Points
- •Phishers are abusing compromised SendGrid customer accounts to send politically charged lures with “opt-out” buttons.
- •Messages pass SPF and DKIM checks because they are sent via SendGrid’s infrastructure, making them appear legitimate.
- •Attackers likely gain access through credential stuffing and password reuse.
- •Netcraft dubbed this pattern “Phishception” in 2024; Brian Krebs reported similar abuse in 2020, indicating the issue’s longevity.
- •Examples include fake platform-wide footers (Pride, BLM, Support ICE), language changes, and account termination notices.