The initial discussion about this is here: Two emails for one user. It continued here: Additional email address per user account support.
I think it was mainly implemented to deal with posting to Discourse via email for the case where users have multiple email accounts that they post from.
There isn’t anything in place that would cause Discourse to attempt to send an email to a secondary email address when emails sent to the primary email address bounce. I can see how that could be useful for some cases.
Technically, secondary emails can be used to find a user any time Discourse attempts to find a user from an email address with User.find_by_email
Users can login to Discourse using their secondary email address.
When an external auth provider is used for logging into Discourse, users can be found from their secondary email address based on the email address that’s provided by the auth provider.
Interestingly, if the auth overrides email site setting is enabled and the site’s external auth provider supplies the user’s secondary email, the secondary email becomes the primary email and the original primary email is destroyed. This case used to trigger a login error, so the behaviour seems to be intentional. I just spent way too long tracking down where it happens: https://github.com/discourse/discourse/blob/main/app/models/user.rb#L1602-L1620. (The old primary email is destroyed when the user is saved.)