That would mean Zen would have to check every single mail forwarder that connects to their systems before they implement it, and that isn't ever going to happen.
The problem is NOT of Zens' making, the problem is poor implementation by the upstream host.
I'm sorry, but the problem is entirely of Zen's making. RFC7208 doesn't say that an email that fails SPF must be rejected, it makes it clear that the decision to do so is a local policy.
And it goes on to state in D.3 that if the owner of the mailbox wishes to trust the mediator, ie the forwarder, then he should be able to do so.
So as Zen are refusing to provide a means to allow forwarders or individual mailboxes to be whitelisted, I would say that their implementation is equally poor.
I agree with the other posters about the appalling way this has done by Zen. No warning or notification - at the very least something should have been posted in the forums or in the knowledge base about their changes