A friend of mine forwarded a suspicious email message recently. I’ve replaced the domain, order number, etc. below:

I validated for my friend that the email was bogus. The domain was not held by Domain Registry of America (DROA), and never had been. The domain was not expiring in the next 90 days. Later he received a follow-up email:

The scam attempts to get domain holders to transfer service and pay accordingly. It seems this scam has been around for at least eight years, though it has morphed over time. Apparently the DROA has chosen to test the 2003 judgment by the Federal Trade Commission (http://www.ftc.gov/opa/2003/12/domainreg.shtm).
One thing of interest here is the two-staged approach: The first message requires no action by the recipient, but the second message tells the user to obtain and hand over the keys to the castle.