diff --git a/interface/web/dns/dns_dmarc_edit.php b/interface/web/dns/dns_dmarc_edit.php
index 00df3e88c05244e7bc2ea57912e7d47a0dd50a4e..e194aeb835ca21720b69a453044e90145097858e 100644
--- a/interface/web/dns/dns_dmarc_edit.php
+++ b/interface/web/dns/dns_dmarc_edit.php
@@ -236,8 +236,10 @@ class page_action extends tform_actions {
 		}
 
 		// ... and an active spf-record (this breaks the current draft but DMARC is useless if you use DKIM or SPF
-		$sql = "SELECT * FROM dns_rr WHERE name LIKE ? AND type='TXT' AND (data LIKE 'v=spf1%' AND active = 'y')";
-		$temp = $app->db->queryAllRecords($sql, $domain_name.'.');
+		$sql = "SELECT * FROM dns_rr
+					LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id)
+					WHERE dns_soa.origin = ? AND (dns_rr.name LIKE ? OR dns_rr.name = '') AND type='TXT' AND data like 'v=spf1%' AND dns_rr.active='Y'";
+		$temp = $app->db->queryAllRecords($sql, $soa['origin'], $soa['origin']);
 		// abort if more than 1 active spf-records (backward-compatibility)
 		if (is_array($temp[1])) {
 			if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;