make-fun, your explanation was very clear and did shed a LOT of light on how things work. So the solution is to simply create the co-domain with no Host Name to make the firstname.lastname@example.org
accounts function as required. I do agree it creates additional opportunities for spammers, but it works. The added suggestion of changing Mailserver to external for Host Name www is also very useful to reduce that problem.
Thanks again to all who replied. Wonderful community!!