Currently the email appears to go out from whoever is logged into the account for sending the invoice. If they are not logged in with the domain associated with email send, gmail creates a phishing notice.