[zimbatm]

It reminds me of the list of names that all SaaS companies should reserve project I did a while ago. Maybe I should add "malware" on it :)

https://zimbatm.github.io/hostnames-and-usernames-to-reserve...

[ehPReth]

The "CA ownership verification" ones are a bit excessive.. 'admin', 'administrator', 'webmaster', 'hostmaster', or 'postmaster' are the currently permitted localparts for domain validation. (From 3.2.2.4.4 of https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-...). It was more 'CAs make up their own scheme' in the past though but thankfully that's been reigned in.

[provost]

What a great list! I’d recommend adding “secure” too.

[jperras]

Ah, great list!