I figured out how to get this to work the way I wanted to this morning. So if anyone else needs this same type of scenario, here's how I handled it:
1. Navigate to Domain -> Filtering -> Content Filtering
2. Create a new rule for that domain
3. Specify "To specific addresses" and "Specific extension"
4. Click next and on the next page make sure "AND" is selected ( I also use the "enable wildcards" feature )
5. In the "To Address" box type in all the email addresses you want to have the file extension blocked for. Leave out the ones that need to get the file extension. ( Make sure the drop down box says "Matches")
6. In the "Attachments" box fill in the file extensions you want to block. ( Make sure the drop down box says "Matches")
7. Click next.
8. Name the rule you just created and select the appropriate handling of the message. ( In my case I chose "Delete Message")
9. Save the rule.
Now going forward any emails being delivered the the specified users and has the attachment you blocked will now be deleted. So in my case I wanted to block all zip attachments for the specified users and allow the zip attachments for the users I don't have in the list.
Looking over the rule set and testing on my side it appears the Domain rule set takes precedence and then looks down to the user level to see if there's any additional filtering that needs to be done. So blocking at the domain level would delete the email regardless what I specified on the user content filtering.