I think the original question has answered (and appreciate @jsha's practical anti-phishing advice), so I suggest moving discussion of Let's Encrypt's policy and practice in this regard to the existing thread at
1 Like