It's a common security practice, to prevent scammers from using official-looking usernames, or even tricking services that verify domain ownership by sending email to postmaster@ or admin@.
I discovered it innocently. I wanted to create a gmail address named support{myfirm}.gmail.com. Of course I instantly understood what you point out but then I had to discover all the other edge cases.
Such lists are usually kept secret, but there are a few open source word lists that people can adopt for their services, for example, https://github.com/shouldbee/reserved-usernames.