Ars Technica has identified a scheme that sends phishing emails from [email protected], a real address that the company advises users to add to their allow lists.