Reg. Z requires periodic disclosures in a form that the consumer may keep. E-delivery satisfies this form requirement, but the substitution of electrons for paper requires informed demonstrable consent (a primary purpose of ESIGN.)
Reg. Z does not limit the type of e-delivery you may use, but ESIGN requires a proper "test drive" of any system you select. Once the customer has passed the test (hardware and software all in place and working), ESIGN relieves you of any further obligation to determine whether the customer actually receives e-statements, opens them, or reads their content.
The Fed's misguided 2001 e-Regs required you to use email, (optionally) monitor bouncebacks, and resend to an alternate EMA or switch to paper. This rule reflected a simplistic and unworkable view of the electronic world, and the Fed has now abandoned it totally. Systems designed during the e-Reg era will support bounceback monitoring, and you may wish to continue using this feature. Bear in mind, however that email systems can be set up to bounce back, redirect, or vaporize undeliverable messages.
From the security perspective, I'd be more concerned about the messages that go into an electronic black hole (where they are susceptible to fraudulent misuse) than the ones that bounce back.
_________________________
...gone fishing.