To avoid Salesforce emails from being caught as an Impersonation attempt, the Salesforce IPs or the sending domain itself can be whitelisted from Impersonation control.

• Email Impersonation supports sender IP addresses, domains, and email addresses. 
• To add an entry, go to  Services > Email Services > Email Impersonation Control Settings
• Add Sales Force IP ranges or the domain salesforce.com to the Approved Senders list. To allow a sub-domain, wildcards can be used (e.g. *.salesforce.com).
• Click Save and Exit. This change will take up to an hour for propagation.

If any other third-party services that legitimately spoof your provisioned domains are utilized, the sending server IPs or the envelope sender domain should be added to the Approved Sender list in Impersonation control.

Note: The Approved Sender list for Email Impersonation control is different from the Anti-spam Approved Sender list.
         - More details about Email Impersonation Control can be found at - Email Impersonation Control Settings