Offering too many options for the email address prefix increases the risk of issuing a certificate to a subscriber who does not own/control the domain. Therefore, the list of email address prefixes should be limited.
Mozilla's recommendation is to limit the set of verification addresses to the following. Discussion is underway to make this a mandatory part of Mozilla's requirements.
* admin@domain