No - trendmicro.com is not practically spoofable.

• ✓DMARC policy=reject at 100%: DMARC rejects all email claiming to be from trendmicro.com unless it passes DKIM or SPF alignment. The 100% enforcement (pct=100) and strict alignment (adkim=r, aspf=r) means there's no wiggle room for attackers.
• ✓SPF -all (hardfail): SPF hardfail (-all) means any IP not explicitly listed in the SPF record will fail. The record includes mx, three dedicated Trend Micro IP blocks, plus legitimate third-party senders (Mandrill, Docebo, etc.), but rejects everything else.
• ✓DKIM at 6 active selectors: Six different DKIM selectors found (selector1, mandrill, s1, s2, k2, selector2) indicates multiple signing sources across different platforms and regions. An attacker would need to compromise a private key to forge a valid signature.
• ·MTA-STS missing: MTA-STS enforces TLS in transit and prevents downgrade attacks. While missing, it's a lesser concern given the strong DMARC/SPF/DKIM posture already in place.

Bottom line: Trend Micro has deployed DMARC, SPF, and DKIM with strict enforcement and no policy carve-outs—a category leader in email security posture that matches its business model as a security vendor.