I don't think issuer email addresses help in any way. Most people already have an email address (or in some cases, several), and adding another address to use just complicates things unnecessarily.
Using the email address that the director is most responsive to makes the most sense.
In any event, email is basically completely insecure (unless you use encrypted email, but the learning curve, and the additional hoops will certainly get in everyone's way).
Communication via the portal makes the most sense. Directors will be used to logging in, and the portal provides a reasonably secure platform for exchanging sensitive information.
The best thing is always to use the portal for 100% of all director communications. Most information exchanged won't be sensitive. But training everyone to use the portal means that when there is sensitive information to exchange, the portal, and people's habits to communicate on the portal, will provide the needed confidentiality.
