Yes. You’ll need to enable the auth overrides email site setting for this. When enabled, a user’s Discourse email is synced with the email that included in the auth payload (the DiscourseConnect payload for your case) each time the user logs in. If it’s not enabled, the user’s email will be set to the auth payload’s email when the account is initially created, but not updated on subsequent logins.
Assuming auth overrides email is enabled, you can also update it without requiring users to login by making an API request to the sync_sso route: Sync DiscourseConnect user data with the sync_sso route.
You could also update user’s email addresses in bulk from the site’s Rails console, but (I think) doing it that way will trigger a confirmation email to be sent from Discourse to the user. That won’t work with fake email addresses.
Maybe you could just set the emails to something meaningful to begin with. Once you’ve got a Discourse site setup, you should do some tests to see what email domains Discourse will accept for fake emails. Going from memory, I think @invalid.com is accepted. I’m not sure about other domains. On your end, you could map something like <userId>@invalid.com to the user’s actual email address.