Email Impersonation control settings has been enabled with an action like "Block" or "Quarantine" or "Redirect to administrator" 

Sales force emails usually spoof the  "BODY FROM" part of the message.  The Email Impersonation control scan is done against the "BODY FROM ".  This causes the email to be caught as an Impersonation attempt and the selected action is applied.

To avoid Salesforce emails from being caught as an Impersonation attempt, the Salesforce IPs or the sending domain itself can be whitelisted only from Impersonation control.

• Go to  Services > Email Services > Email Impersonation Control Settings
• Add Sales Force IP ranges or the domain salesforce.com to  Approved Senders list.
• Note that Email Impersonation Control does not automatically support sub-domains in the approved senders. Each domain/sub-domain must be added individually.
• Click Save and Exit. This change will take up to an hour for propagation.

If any other third party services that legitimately spoof your provisioned domains are utilized, the sending server IPs or the envelope sender domain should be added to the Approved Sender list in Impersonation control.

Note: The Approved Sender list for Email Imperosnation control is different from the Anti spam Approved Sender list.