Not 100% sure (did not feel like testing)
grant all to email@example.com identified by mypassword
grant permissions to firstname.lastname@example.org.% identified by mypassword
The first one allows a specific user from a specific machine with all permissions, the second one a specific user from all machines in 5.2.2.* with specific permissions.
PS I canceled all external access on my box. I use telnet/ssh to get in the box and next use mysql on the box itself.