Why is SPF (Sender Policy Framework) not fully implemented?

Why is SPF (Sender Policy Framework) not fully implemented?

I see many what to me are spam emails that have Zoho mail inserted headers like:

Received-SPF: Fail (zoho.com: domain of Morris.afa4@swisscom.ch does not designate 46.14.140.7 as permitted sender ) client-ip: 46.14.140.7

Note this an actual spam email header (we got 20 plus in the same ten minutes to one domain alone) and on others the 'domain of' and IP address vary. 

So, with SPF, domains specify which IP address they wish to be known as sending from so that IF someone tries to spoof them as a sending domain the receiver (here Zoho) will know and reject the email (a look up to the DNS Zone text record shows the SPF policy).  Yet here Zoho knows that (in this particular case) " Morris.afa4@swisscom.ch" does not specify IP "46.14.140.7 as permitted sender" (conclusion it should be junked as spam) and yet goes on to put it in to our mail boxes!

Why isn't SPF fully implemented in Zoho?