Email Impersonation control settings has been enabled with an action like "Block" or "Quarantine" or "Redirect to administrator"
Sales force emails usually spoof the "BODY FROM" part of the message. The Email Impersonation control scan is done against the "BODY FROM ". This causes the email to be caught as an Impersonation attempt and the selected action is applied.
To avoid Salesforce emails from being caught as an Impersonation attempt, the Salesforce IPs or the sending domain itself can be whitelisted only from Impersonation control.
If any other third party services that legitimately spoof your provisioned domains are utilized, the sending server IPs or the envelope sender domain should be added to the Approved Sender list in Impersonation control.
Note: The Approved Sender list for Email Imperosnation control is different from the Anti spam Approved Sender list.