Emails coming from Salesforce.com are being flagged by Email Impersonation Control (EIC) despite having "salesforce.com" in the Approved Senders domain list.

Note that while this article specifically targets "salesforce.com" emails, the concept holds true for any mass-mailing platform.

All entries in the Email Impersonation Control (EIC) Approved Senders lists are taken literally. An entry of "salesforce.com" would only include "salesforce.com" and not include subdomains, such the ones used by the Salesforce mailing platform (for example, *@devs00x00chv00h0.eyl0go.0r-fltveai.ca00.bnc.salesforce.com).

In order to allow salesforce.com emails to bypass Email Impersonation Control (EIC), please add *.salesforce.com in the Approved senders list.