diff --git a/app/controllers/domains_controller.rb b/app/controllers/domains_controller.rb
index 10950b5..06ea754 100644
--- a/app/controllers/domains_controller.rb
+++ b/app/controllers/domains_controller.rb
@@ -1,86 +1,89 @@
 class DomainsController < ApplicationController
   before_action :authenticate_user!
 
   before_action :domain, only: [:show, :edit, :edit_dnssec, :update, :destroy]
   before_action :group,  only: [:show, :edit, :edit_dnssec, :update, :destroy]
 
   helper_method :edit_group_scope
 
   # GET /domains
   def index
     @domains = show_domain_scope.all
   end
 
   # GET /domains/1
   def show
     @record = Record.new(domain_id: @domain.id)
   end
 
   # GET /domains/new
   def new
     @domain = Domain.new(new_domain_params)
   end
 
   # GET /domains/1/edit
   def edit
   end
 
   # GET /domains/1/edit_dnssec
   def edit_dnssec
   end
 
   # POST /domains
   def create
     @domain = Domain.new(domain_params)
 
     if @domain.save
       notify_domain(@domain, :create)
       redirect_to @domain, notice: "#{@domain.name} was successfully created."
     else
       render :new
     end
   end
 
   # PATCH/PUT /domains/1
   def update
     if @domain.update(domain_params)
       notify_domain(@domain, :update)
       redirect_to @domain, notice: "#{@domain.name} was successfully updated."
     else
       if domain_params[:dnssec] # DNSSEC form
         render :edit_dnssec
       else
         render :edit
       end
     end
   end
 
   # DELETE /domains/1
   def destroy
-    @domain.destroy
-    notify_domain(@domain, :destroy)
-    redirect_to domains_url, notice: "#{@domain.name} was successfully destroyed."
+    if @domain.remove
+      notify_domain(@domain, :destroy)
+      redirect_to domains_url, notice: "#{@domain.name} is scheduled for removal."
+    else
+      redirect_to domains_url, alert: "#{@domain.name} cannot be deleted! (state '#{@domain.state}')"
+    end
   end
 
   private
 
   def group
     domain.group
   end
 
   def new_domain_params
     params.permit(:group_id)
   end
 
   def domain_params
     params.require(:domain).tap { |d|
       # Make sure group id is permitted (belongs to edit_group_scope)
       d[:group_id] = edit_group_scope.find_by_id(d[:group_id]).try(:id)
     }.permit(:name, :type, :master, :group_id, :dnssec, :dnssec_parent, :dnssec_parent_authority)
   end
 
   def notify_domain(*args)
     notification.notify_domain(current_user, *args)
   end
 
 end
diff --git a/app/views/domains/index.html.erb b/app/views/domains/index.html.erb
index 190fbe6..a8ec88c 100644
--- a/app/views/domains/index.html.erb
+++ b/app/views/domains/index.html.erb
@@ -1,60 +1,60 @@
 <% if current_user.memberships.empty? %>
   <div class="jumbotron">
     <h2>Wellcome to WebDNS!</h2>
     <p>
       In order to manage domains you have to be a member of a group.
     </p>
     <p>
       You can either contact an admin to create a new group for you, or ask another user for an invite to an existing group.
     </p>
   </div>
 <% end %>
 
 <table class="table table-striped">
   <thead>
   </thead>
 
   <tbody>
     <% @domains.group_by(&:group).each do |group, domains| %>
       <tr>
         <th colspan="2" style="width:800px">
           <%= link_to group.name, group_path(group) %>
           <%= link_to glyph('menu-down'), "##{group.id}", onclick: "$('tr.group-#{group.id}').toggleClass('hidden');" %>
         </th>
         <th>State</th>
         <th colspan="2">Controls</th>
       </tr>
       <% domains.each do |domain| %>
         <tr class="group-<%= group.id =%>">
           <td>
             <% if domain.reverse? %>
               <%= abbr_glyph('chevron-left', 'Reverse') %>
             <% elsif domain.enum? %>
               <%= abbr_glyph('phone-alt', 'Enum') %>
             <% else %>
               <%= abbr_glyph('chevron-right', 'Forward') %>
             <% end %>
             <% if domain.slave? %>
               <%= abbr_glyph('link', 'Slave') %>
             <% end %>
             <% if domain.dnssec? %>
               <%= abbr_glyph('flash', 'DNSSEC') %>
             <% end %>
           </td>
           <td style="width:800px"><%= link_to domain.name, domain %></td>
           <td><%= human_state(domain.state) %></td>
           <td><%= link_to_edit edit_domain_path(domain) %></td>
-          <td><%= link_to_destroy domain, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+          <td><%= link_to_destroy domain, method: :delete, data: { confirm: 'Are you sure?' } if domain.can_remove? %></td>
         </tr>
       <% end %>
     <% end %>
   </tbody>
 </table>
 
 <p>
   <% if current_user.memberships.any? %>
     <%= link_to 'Add Domain', new_domain_path, class: 'btn btn-primary' %>
   <% else %>
     <%= link_to 'Add Domain', new_domain_path, class: 'btn btn-primary disabled' %>
   <% end %>
 </p>
diff --git a/app/views/groups/show.html.erb b/app/views/groups/show.html.erb
index 4d2b300..42dad77 100644
--- a/app/views/groups/show.html.erb
+++ b/app/views/groups/show.html.erb
@@ -1,85 +1,85 @@
 <% content_for :more_breadcrumbs do %>
   <li>
     <%= link_to_edit edit_admin_group_path(@group) %>
     <%= link_to_destroy admin_group_path(@group), method: :delete, data: { confirm: 'Are you sure?' } %>
   </li>
 <% end if admin? %>
 
 <ul class="nav nav-tabs">
   <li role="presentation" class="active"><a data-toggle="tab" href="#domains">Domains</a></li>
   <li role="presentation"><a data-toggle="tab" href="#members">Members</a></li>
 </ul>
 
 <div class="tab-content">
   <div role="tabpanel" class="tab-pane active" id="domains">
     <table class="table table-striped table-hover">
       <thead>
         <tr>
           <th colspan="2">Domain</th>
           <th>State</th>
           <th colspan="2">Controls</th>
         </tr>
       </thead>
 
       <tbody>
         <% @group.domains.each do |domain| %>
           <tr>
             <td>
               <% if domain.reverse? %>
                 <%= abbr_glyph('chevron-left', 'Reverse') %>
               <% elsif domain.enum? %>
                 <%= abbr_glyph('phone-alt', 'Enum') %>
               <% else %>
                 <%= abbr_glyph('chevron-right', 'Forward') %>
               <% end %>
               <% if domain.slave? %>
                 <%= abbr_glyph('link', 'Slave') %>
               <% end %>
               <% if domain.dnssec? %>
                 <%= abbr_glyph('flash', 'DNSSEC') %>
               <% end %>
             </td>
             <td><%= link_to domain.name, domain %></td>
             <td><%= human_state(domain.state) %></td>
             <td><%= link_to_edit edit_domain_path(domain) %></td>
-            <td><%= link_to_destroy domain, method: :delete, data: { confirm: 'Are you sure?' } %></td>
+            <td><%= link_to_destroy domain, method: :delete, data: { confirm: 'Are you sure?' } if domain.can_remove? %></td>
           </tr>
         <% end %>
       </tbody>
     </table>
 
     <p>
       <%= link_to 'Add Domain', new_domain_path(group_id: @group.id), class: 'btn btn-primary' %>
     </p>
 
   </div>
 
   <div role="tabpanel" class="tab-pane" id="members">
     <table class="table table-striped table-hover">
       <thead>
         <tr>
           <th>Member</th>
           <th>Controls</th>
         </tr>
       </thead>
 
       <tbody>
         <% @group.memberships.includes(:user).each do |membership| %>
           <tr>
             <td><%= membership.user.email %><%= " (you)" if current_user == membership.user %></td>
             <td>
               <%= link_to_destroy destroy_member_group_path(@group, membership.user_id), method: :delete %>
             </td>
           </tr>
         <% end %>
       </tbody>
     </table>
 
     <p>
       <%= bootstrap_form_tag(url: create_member_group_path(@group), layout: :inline) do |f| %>
         <%= f.text_field :email, prepend: 'Add Member', hide_label: true, id: 'js-search-member', data: { group: @group.id } %>
         <%= f.submit 'Add', class: 'btn btn-primary' %>
       <% end %>
     </p>
   </div>
 </div>
