No - linkedin.com is not practically spoofable.

• ✓DMARC policy=reject (enforced): LinkedIn requires both SPF or DKIM alignment and rejects unauthenticated mail outright. This is the strongest possible DMARC posture—no fallback, no wiggle room.
• ·SPF with softfail (~all): SPF covers LinkedIn's sending infrastructure (6 IP ranges plus docusign.net for transactional mail) but softfail allows unauthenticated senders through at low priority. Combined with hard-reject DMARC, this softfail becomes largely academic: Gmail, Outlook, and other major receivers respect the DMARC reject signal regardless.
• ✓DKIM (google selector found): DKIM signature is active and discoverable, providing cryptographic proof of message origin. Attackers cannot forge this without LinkedIn's private key.
• ·MTA-STS missing: MTA-STS isn't deployed, so there's no machine-readable policy enforcing TLS for SMTP delivery. This is a minor gap—it doesn't weaken authentication, but it does leave a small window for downgrade attacks on the transport layer.

Bottom line: LinkedIn's DMARC reject policy, paired with active DKIM, makes spoofing extremely difficult; this is a mature, well-executed authentication posture.