This fake delivery email does not come from UKMail but is instead a simple forgery with a malicious attachment:
Date: 23 November 2015 at 11:06
Subject: UKMail 988271023 tracking information
Your parcel has not been delivered to your address November 23, 2015, because nobody was at home.
Please view the information about your parcel, print it and go to the post office to receive your package.
UKMail expressly disclaims all conditions, guarantees and warranties, express or implied, in respect of the Service.
Where the law prevents such exclusion and implies conditions and warranties into this contract,
where legally permissible the liability of UKMail for breach of such condition,
guarantee or warranty is limited at the option of UKMail to either supplying the Service again or paying the cost of having the service supplied again.
If you don't receive a package within 30 working days UKMail will charge you for it's keeping.
You can find any information about the procedure and conditions of parcel keeping in the nearest post office.
The attachment is named 988271023-PRCL.doc and so far I have come across three different versions of this (VirusTotal results   ), containing a malicious macro like this [pastebin] which according to these Hybrid Analysis reports    downloads a malware binary from the following locations:
This binary has a VirusTotal detection rate of 5/54. That VirusTotal report plus this Hybrid Analysis report and Malwr report indicate malicious traffic to the following IPs:
18.104.22.168 (Trinity College Hartford, US)
22.214.171.124 (Elvsoft SRV, Romania / Coreix, UK)
126.96.36.199 (Agava Ltd, Russia)
188.8.131.52 (UZINFOCOM, Uzbekistan)
184.108.40.206 (Sibirskie Seti, Russia)
220.127.116.11 (M2 Telecommunications, Australia)
18.104.22.168 (Memset Ltd, UK)
22.214.171.124 (SGGW, Poland)
126.96.36.199 (Etihad Atheeb Telecom Company, Saudi Arabia)
188.8.131.52 (Infobox.ru, Russia)
184.108.40.206 (University Of The Aegean, Greece)
The payload is likely to be the Dridex banking trojan.