Check the email by getting it replayed (go to Email, then Trace and Replay).
It will then come through. Open the email in HTML and find all the links it contains, as well as any image links.
Found that the LinkedIn image embedded in the email body, http://www.seosydney_com_au/wp-content/uploads/2016/04/linkedin.png, is hosted on a website with poor reputation.
You can confirm this on the Talos website, which is one of the reputation services used by Firstwave.
Changed the email body of the signature to link to the LinkedIn logo from the main LinkedIn site.
Best practice is to advise the sender of the poor web reputation of some of the links in their emails. They can contact Talos regarding that.
As a workaround, I would recommend that you remove the policy you have applied under the content control application and apply the same policy in the security application, under malicious URL (remember to allow the email domain, not the blocked domain).
If you can’t edit this, you will need to get Firstwave support to do this.
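
The step of opening the replayed email in HTML and listing every link and image link can be scripted. The following is an added example, not part of the original note or any Firstwave tooling: it reads a saved message, collects `href`, `src` and `background` URLs from the HTML parts, and groups them by host so each host can be looked up with a reputation service. The sample message and all hosts in it are constructed placeholders.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message, not the email from this note; hosts are placeholders.
SAMPLE_EML = """\
From: sender@example.com
Subject: Quarterly update
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello, see <a href="https://www.example.com/report">the report</a>.</p>
<table><tr><td background="http://cdn.example.net/bg.gif">
<a href="https://www.linkedin.com/in/someone">
<img src="http://blog.example.net/wp-content/uploads/linkedin.png" alt="LinkedIn"></a>
</td></tr></table>
<a href="mailto:sender@example.com">Mail me</a></body></html>
"""

class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes: anchors, images and backgrounds."""
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "background") and value:
                self.found.append((tag, name, value.strip()))

def hosts_to_check(raw_message):
    """Map each http(s) host in the HTML parts to the references that use it."""
    msg = message_from_string(raw_message, policy=default)
    hosts = {}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        parser = LinkCollector()
        parser.feed(part.get_content())
        for tag, attr, url in parser.found:
            parts = urlsplit(url)
            if parts.scheme in ("http", "https") and parts.hostname:
                hosts.setdefault(parts.hostname.lower(), []).append((tag, attr, url))
    return hosts

if __name__ == "__main__":
    for host, refs in sorted(hosts_to_check(SAMPLE_EML).items()):
        print(host, ", ".join(f"{t}[{a}]" for t, a, _ in refs))
```

The image host is listed separately from the host of the link that wraps it, which is the case described above: the link target is fine while the embedded image is served from a different site.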